Showing posts with label OWASP. Show all posts

Sunday, September 5, 2010

How to render SSL Useless – video version

A while back I posted on the How to render SSL Useless deck from Ivan Ristic of SSL Labs (now with Qualys) on common mistakes in the deployment of SSL. There is now a video of Ivan presenting this deck at a recent OWASP conference, available at ThreatPost.


Will there be an IT Risk Management 2.0?

This is the title of a short talk I gave recently at an OWASP chapter meeting in Zurich. The audience was small but engaged, and I went over time by quite a bit. I need to develop the talk further, but it is a decent v1.0.


Saturday, May 8, 2010

OpenSAMM Assessment Spreadsheet v0.4 available

OWASP has a project called OpenSAMM, or the Open Software Assurance Maturity Model (SAMM). There is an audit framework for OpenSAMM, implemented as a spreadsheet with about 80 questions, grouped into a collection of business functions and security practices. You can get the spreadsheet here.
