We had an excellent meeting on the 4th July with our guest speaker, Justin Smith, giving a developer’s view of managing website security. He touched on the importance of releasing functional software versus secure software and the evolution of DevOps to bring dev teams together, and described his perception of security folks (annoying, paranoid, nay-sayers). His most interesting point concerned threat sources. He didn’t believe that external threat sources were the most problematic for the web portals they develop and manage (All Homes being the most significant), but rather authorised users. More specifically, insiders who had been fired and were hell-bent on destroying information. This is an important point, as we tend to focus on technical vulnerabilities rather than mitigating human risk. There are a couple of approaches to fixing this problem, but Justin’s approach was to ensure everything could be recovered in the event of catastrophic failure of everything. Essentially, when the apocalypse comes, you’ll still be able to purchase a home on All Homes.
Our next scheduled meeting is on the 1st of August, but we’re very lucky to be hosting an OWASP Canberra Special Event. Jacob West will be in town on the 19th of July and has offered to deliver a presentation on Mobile Security to the chapter (and anyone else that turns up). It’s great to see an international AppSec rockstar presenting to our fledgling chapter. The first of many, I hope.