2010
03.22

It’s time for the ISIG (Information Security Interest Group) meeting again. This week MorningStar Security will be sponsoring some beer.

When: 6.45pm, Thursday the 25th of March (The last Thursday of the month)

Where: Upstairs in the couch area at the Canterbury Innovation Incubator, 200 Armagh St. The doors to the Canterbury Innovation Incubator will be locked. Press the doorbell inside the open roller doors or TXT 0272 646 959 for entry.

Speaker: Andrew Horton (urbanadventurer) will be speaking about fingerprinting the top 100,000 websites with WhatWeb.

See you there 🙂

2010
02.12

Tomorrow I leave for India to conduct a workshop at IIT Guwahati, a prestigious Indian university. I was invited by Vivek Ramachandran of Security Tube fame to lecture and provide a workshop on information security for ISEA (Indian Security Education & Awareness) which is a project organised by the Department of Information Technology of the Government of India.

The purpose of ISEA is to improve understanding of IT security, so my first thought was that the OWASP Top 10 Risks is perfect for this, and I’m going to explain the new 2010 release candidate list.

Here’s my talk abstract:
Introduction to web hacking. Information on how to detect, prevent and exploit the top ten most
common web vulnerabilities as specified by OWASP (Open Web Application Security Project). Practical
attack scenarios and demonstrations will be given for each of the classes of vulnerability. The 2010
OWASP Top 10 vulnerability classes are injection, cross site scripting (XSS), broken authentication
and session management, insecure direct object references, cross site request forgery (CSRF),
security misconfiguration, failure to restrict URL access, unvalidated redirects and forwards,
insecure cryptographic storage, insufficient transport layer protection. Examples will be given in
PHP because it is the most common web language.

Interestingly enough, IIT is an Indian university featured in the Dilbert cartoon strips.

2010
01.26

Update: CISG has been absorbed into the Information Security Interest Group (ISIG). All meeting details are the same except for the name, which is now ISIG Christchurch Chapter.

I’m setting up the ISIG Christchurch Chapter (formerly the Christchurch Information Security Group, CISG) to help organise the local Information Security community. It’s a casual meeting for information security enthusiasts to network and collaborate on projects. Business, academic and amateur people are welcome.

When: 6.45pm, the last Thursday of the month, beginning Thursday 28th of January.

Where: Upstairs in the couch area at the Canterbury Innovation Incubator, 200 Armagh St.
The doors to the Canterbury Innovation Incubator will be locked. Press the doorbell inside the open roller doors or TXT 0272 646 959 for entry.

Questions and comments are welcome 🙂

2009
12.02

I was a speaker at the annual New Zealand IT security conference, Kiwicon, in Wellington this year. I spoke on “New Zealand Web Reconnaissance with WhatWeb”. Kiwicon is fast growing a reputation as a conference of the highest international standard.

Talk abstract: Ever wanted to web scan all of New Zealand but didn’t have the right tools? Me too, so I developed WhatWeb, a next generation website identification scanner. With stealth-mode turned all the way up to 11 it’s less intrusive than the Google crawler and eminently suitable for large scale internet scanning. Look forward to juicier web statistics than at NetCraft.com and a guided tour to the unindexed websites hidden among NZ’s 6 million allocated IPs. The web space is littered with VoIP phones, web cameras, printers, routers and bizarre devices to amaze and astound you. WhatWeb will be officially released at Kiwicon 2009.

Tools published at the Kiwicon conference:

  • Whatweb – next generation webscanner. Whatweb homepage
  • bing-ip2hosts – Enumerate hostnames from Bing.com for an IP address.
    Bing.com is Microsoft

2009
12.02

I was a guest speaker at the NZITF (New Zealand Internet Task Force) meeting on Friday, November 27th. I spoke on the topic of WebWatcher and next generation web scanning. I wish to thank Paul McKitrick for inviting me to speak. The talk was well received; I enjoyed presenting and met some interesting people.