Saturday, 23 May 2015

Looking at ElasticSearch, Kibana and LogStash

These look like a really powerful way to capture and visualise data. Here are the best links I found on the topic (i.e. the tabs that I had open).

Thursday, 21 May 2015

Thoughts on Security Authentication and on adding security into an SDL

Here is a (slightly edited) 'brain dump' I just wrote on the topic of Authorisation and SDL.

Let me know your views on the ideas presented below:

---------------------------------------------------------------------

The need for a strong Auth strategy

Knowing 'who is talking to whom' is a key pillar of security. Since there are going to be a number of parties and players involved, it will not be possible to have a one-size-fits-all Authentication technology/workflow (especially when dealing with the partners' systems and existing SSO technology).

Teach kids how to code by solving their own Maths problems

When I was participating in the Hack the Curriculum event last month I realised that we risk doing to coding what we have done to Maths (see A Mathematician's Lament: How School Cheats Us Out of Our Most Fascinating and Imaginative Art Form, available as pdf or book).

We are trying to teach kids how to code in an abstract and 'technical' way, instead of letting them use programming to make the computer do 'something' (which is exactly how most of us learned how to code).

Teaching kids what a variable, a function or an algorithm is will not make any sense to them, since those are just 'techniques' for achieving something. The reason kids love Scratch is that it makes programming/coding much more practical and real.

When I was thinking about what else we could use to teach kids how to code, I had my epiphany when I realised that kids already solve complex programming problems every day!!!

It's called MATHS.

Wednesday, 20 May 2015

Can you deliver this 3 day C++/Java course in the UK?

I was asked to deliver the course below in the UK, but it is too structured for my style of training and I don't have the time to deliver it.

So if you have the skills and can do it, ping me and I'll put you in touch with the company organising it.

My C++ experience, the power of blogs and 'the online brand of a developer'

If you are a developer, one of the most powerful things you can do for your career is to have a solid online 'brand'.

Don't think of it as a place where you tell the world how amazing you are, but as a place where you keep a log of your past ideas and achievements.

In fact, your GitHub account is the place where your skills will be displayed in their purest form, so make sure you have a nice, active and healthy presence.

Below you will find the contents of an email I just sent after I was asked 'So ... what is your C++ experience?'. Note the difference between the periods before and after I started blogging (i.e. links vs no links).

And the worst part is that not only did I not share those ideas with you (blog reader), I am also left out of it! (since those ideas and docs are now lost in old memories and laptops/VMs long gone)

See Blogging is like speaking to my 'Future Self' for more on the idea that blogging is more about allowing your future self to have access to your ideas today.

OWASP and O2 Platform on Slack

There is a new Slack for OWASP at https://owasp.slack.com, which you can join using the invite at http://owasp.herokuapp.com

In there you will find the https://owasp.slack.com/messages/project-o2 channel, which can be used for all sorts of O2 questions and script development :)

See you there

Published to the GitHub Security-Research repo the files I had on a Dropbox Share

Since Dropbox is still refusing to ...

a) host the pdfs I shared (and linked from this blog)

b) let me know which files are the offending ones (see image on right for the error shown)

... I've just moved all those files into GitHub.

You can get them from https://github.com/DinisCruz/Security-Research/tree/master/O2%20Raw%20Docs

Below is a list of the files uploaded. Lots of it is in quite raw format, but there are some good nuggets of research in there :)

Sunday, 10 May 2015

Thursday, 7 May 2015

Making users the 'client', not the product (becoming a 'Data Guardian')

There is space in the market for a company to become a Data Guardian for the digital trails and activities created every day by everybody that uses the Internet.

This would be a service provided to the end user (person or company) that would store and anonymise the user's data (as stored or used by 3rd party services), in a way that lets the user control who, what, how and when their data is shared and used.

In practice this means that the user would stop being 'the product' (whose data is used and sold without his/her control) and would become 'the customer' (able to control/manage their own data).