Dinis Cruz Blog

A personal blog about: transforming Web Application Security into an 'Application Visibility' engine, the OWASP O2 Platform, Application/Data interoperability and a lot more

AppSec Presentations

Slides for presentations delivered at multiple conferences:
  • Hacking Portugal and making it a global player in Software development
  • Veracode Automation CLI (using Jenkins for SDL integration) 
  • SecDevOps Risk Workflow - v0.6
  • Surrogate dependencies (poc in node js)
  • NodeJS security - still unsafe at most speeds
  • Turning TDD upside down - For bugs, always start with a passing test
  • Using JIRA to manage RISKS
  • AppSec and Software Quality
  • New Era of Software with modern Application Security 
  • RESTing On Your Laurels will Get You Pwned
  • Inconvenient Truth(s) on Application Security
  • OWASP O2 Platform - Automating Security Knowledge through Unit Tests
  • Making Security Invisible by Becoming the Developer's Best Friends

Copyright Creative Commons.