Today I attended the OWASP (Open Web Application Security Project) conference held at Auckland University. This post follows the timeline of the day, with photos.
The Eight-Thirty cafe had a pleasant coffee I enjoyed while the registration people got all set up. I got in quick before the masses arrived.
Attendance was high this year with the available 900 seats selling out before the day. Actual attendance was slightly lower at 625 according to organisers.
One of my favourite photos with dual projection screens in the main auditorium. 111 Billion lines of code written yearly according to CSO Online. The next slide, not photographed, stated that equated to some gigantic number of bugs and subsequent security vulnerabilities.
This slide showed how reality often differs from theory and reported compliance to process. Pull requests are not necessarily reviewed thoroughly but instead given the green-light by a friend that approved it. Likewise dependencies are not always updated frequently.
Setting up good development processes that include security early on can save costly rework and code released with vulnerabilities. What follows is an amusing photo referencing python and it’s similarity to pseudocode.
There was much in common with the 2015 event although some new things, like the term DevSecOps and Docker containers, that have become mainstream since then.
I was surprised that my last attendance was as far back as 2015, it seemed so much more recent, and I even had to search my Twitter feed to figure out the exact date. That was just after graduating from the post-graduate course “Advanced Information Security” where I was awarded top-in-class.