Lann Martin and I made our first trip to the Big Apple this September to attend OWASP’s yearly Application Security conference. We heard experience distilled and theories expounded. We learned about new hush-hush security vulnerabilities. We surveyed vendors’ latest offerings in Web Application Firewalls and Source Code Analysis. And, oh yeah, we won the Capture-the-Flag web application hacking competition!

But I’ll get to all these things in their proper sequence. Lann and I entered the Park Central Hotel during the registration period on the conference’s first day and we had no trouble getting registered and into the conference area quickly. The event seemed altogether well organized. One of the things that I thought was a novel and very appropriate idea, given the audience of a conference like this, was that each attendee received a foam ball in his or her conference bag, and was encouraged to throw this ball at any speakers who were long-winded, talking beyond their credibility, or making disallowed plugs for vendors. While this is an idea I loved and would like to see again, it’s worth noting that at the talks that we saw, most balls flew only in jest, and the speakers did very good jobs overall. ... [ read on ]