Archive for the ‘OWASP’ category

Farewell Security Buddha – Hello Curphey 2.0

March 5, 2010

I openly admit I had a misspent youth. I was expelled from school and then went on a rampage of sex, drugs, booze and rock and roll for the best part of a decade. I lived hand to mouth and did everything from stacking yogurts in a yogurt factory (working nights), selling houses, working behind [...]

Team Foundation Server (TFS) and the Open Web Application Security Project (OWASP) Top Ten

November 21, 2008

Nice article over on MSDN here.

Beautiful Security

October 24, 2008

I am currently writing a chapter for a new O’Reilly book called Beautiful Security. You can pre-order it on Amazon now. There is a whole series of them following on from Beautiful Code, including Beautiful Architecture from their Theory In Practice series. This series has some of my favourite books, including Scott Berkun’s Making Things [...]

OWASP CISO Panel

October 20, 2008

I didn’t go to OWASP NYC (put off by the vulnerability circus, to be brutally honest) but I just watched the CISO panel and it’s just fantastic to see a panel of CISOs discussing really important application security topics. Jim Routh: ‘…view application security as a supply chain management problem’. Very wise! ‘Static analysis tools [...]

Microsoft Joins OWASP

October 12, 2008

If you navigate over to the OWASP members page you will see a new logo. It’s an interesting full circle for me, having started OWASP back in 2001 and now having had a hand in one of the biggest technology companies in the world (my current employer) joining. Someone sent me a mail on Friday [...]

Are You a Builder or a Breaker

September 10, 2008

I am reading Brain Rules; great book! In the opening chapter there is a wonderful quotation from an interview with Frank Lloyd Wright that resonates with how I feel about the application security industry. “When I walk into St. Patrick’s Cathedral here in New York City, I am enveloped with a feeling of reverence”, said Mike [...]

Social Networking, Crowd Sourcing and Security

June 10, 2008

I thought I posted this a while back, so my apologies. At the OWASP Conference I spoke about social networking and how it may be applied to the security domain in the future. I used the slide below. In a related but unconnected event, that Friday someone on the team sent out a simple [...]

Checklists Are Not For Dummies, Dummy!

May 24, 2008

At the OWASP Conference in Belgium this week I had a slide about checklists. This is the story behind the slide. My boss at Microsoft has a friend who is a pilot. He did his pre-take-off checklist and was cleared to taxi onto the runway by air traffic control. He consulted his checklist one more [...]

Presenting Security Ideas or Driving Agendas?

May 24, 2008

I opened the OWASP Europe Conference this week with a slide (below) about vendor neutrality. In essence I urged attendees to consider the motivations of those presenting various ideas at the conference, including myself of course. During the conference it was pointed out that the moderator of a panel, “The PCI 6.6 Dogfight – to [...]

What Do Online Communities and Global Politics Have in Common?

April 13, 2008

I got back from Redmond yesterday. I am getting old so couldn’t sleep well last night; luckily for me the BBC shows Our World during the night and I caught Danger – Democracy at Work. As usual it was a superb bit of journalism, this time questioning America’s dogma to spread their own blend of [...]