Golang and Gracefully Handling Lists in Configuration Files

Most configuration files are processed using ‘object unmarshaling’ (or deserialization) into internal data structures. While this is easy and fast, it’s not very flexible for configuration. In most cases a “single value” and a list containing a single element are treated differently, even though a person editing the file would reasonably expect both forms to work.
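As an added illustration of the problem (example code written for this page, not code from the original post), the following Go program defines a hypothetical StringList type whose UnmarshalJSON accepts either a bare string or an array of strings, so that `"allowed_hosts": "example.com"` and `"allowed_hosts": ["example.com"]` decode to the same value. Anything else (numbers, objects, arrays with non-string members) is rejected rather than silently coerced, JSON null is treated as "not set", and unknown keys are refused so a misspelled setting cannot quietly disappear. The Config structure and its field names are assumptions for the example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// StringList is a []string that unmarshals from either a single JSON
// string ("foo") or an array of strings (["foo", "bar"]).
type StringList []string

// UnmarshalJSON implements json.Unmarshaler for StringList.
func (s *StringList) UnmarshalJSON(data []byte) error {
	data = bytes.TrimSpace(data)

	// encoding/json calls UnmarshalJSON with "null" too. Unmarshaling null
	// into a plain string would leave it "" and we would end up with a
	// one-element list containing the empty string, so handle it first.
	if bytes.Equal(data, []byte("null")) {
		*s = nil
		return nil
	}

	// Case 1: a bare string becomes a one-element list.
	var single string
	if err := json.Unmarshal(data, &single); err == nil {
		*s = StringList{single}
		return nil
	}

	// Case 2: an array of strings is taken as-is. Anything else is an error
	// rather than a silently coerced value.
	var list []string
	if err := json.Unmarshal(data, &list); err != nil {
		return fmt.Errorf("expected a string or an array of strings, got %s", data)
	}
	*s = StringList(list)
	return nil
}

// Config is a hypothetical configuration structure used for this example.
type Config struct {
	Listen       string     `json:"listen"`
	AllowedHosts StringList `json:"allowed_hosts"`
}

// ParseConfig decodes raw JSON into a Config. Unknown fields are rejected
// so that a misspelled key cannot silently disable a setting.
func ParseConfig(raw []byte) (Config, error) {
	var cfg Config
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&cfg); err != nil {
		return Config{}, err
	}
	return cfg, nil
}

func main() {
	// Constructed sample inputs: the first two decode to the same shape,
	// the third is rejected because its members are not strings.
	inputs := []string{
		`{"listen": ":8080", "allowed_hosts": "example.com"}`,
		`{"listen": ":8080", "allowed_hosts": ["example.com", "www.example.com"]}`,
		`{"listen": ":8080", "allowed_hosts": [1, 2]}`,
	}
	for _, in := range inputs {
		cfg, err := ParseConfig([]byte(in))
		if err != nil {
			fmt.Printf("%s\n  -> error: %v\n", in, err)
			continue
		}
		fmt.Printf("%s\n  -> %q\n", in, cfg.AllowedHosts)
	}
}
```

The same approach works for YAML or TOML decoders that honor a custom unmarshal method; the important design choice is that the scalar-or-list acceptance lives on the field type, so every field that wants it gets it without special-casing the decoder.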


Comparison of Linux Distributions on AWS EC2

How do the various Linux distributions build an operating system for use in virtualized or cloud environments? One proxy for size and complexity is the number of packages installed. While not a perfect comparison, in general, less is more. In Amazon’s US-WEST-1 region, I fired up a number of Linux distributions and counted the number of packages installed on each.


Libinjection: From SQLI to XSS V2

libinjection: From SQLI to XSS (version 2) was first presented at Code Blue, Tokyo, Japan on 2014-02-18. English and Japanese

Libinjection: From SQLI to XSS V1

libinjection: From SQLI to XSS (version 1) was first presented at OWASP AppSec SoCal, in Santa Monica, California.



Faster Secure Software Development with Continuous Deployment

First presented at PHDays on May 24, 2013 in Moscow, Russia. Why don’t developers care about security issues? Why isn’t security training effective? Why do basic application security problems continue to exist? One reason is that long release cycles disenfranchise developers from caring, or even knowing, about security or operational issues. Continuous Deployment helps address this by making small but frequent changes to the production environment. At first this would seem less stable and less secure; however, continuous deployment is a lot more than “pushing code”.

Fixing Security by Fixing Development using Continuous Deployment

First presented at Security Development Conference on May 14, 2013 in San Francisco, USA. Do you have an effective release cycle? Is your process long and archaic? Long release cycles are typically based on assumptions we haven’t seen since the 1980s and require very mature organizations to implement successfully. They can also disenfranchise developers from caring, or even knowing, about security or operational issues. Attend this session to learn more about an alternative approach to managing deployments through Continuous Deployment, otherwise known as Continuous Delivery.