http://www.KRvW.com/index.htmlWhat's happening at KRvWenKen@KRvW.comCopyright 2008-2009 KRvW Associates, LLC2010-08-12T09:23:40-04:00 hourly 1 2000-01-01T12:00+00:00 Thu, 12 Aug 2010 09:26:05 -0400Ken@KRvW.comNone2010-08-12T09:23:40-04:00http://www.KRvW.com/events_log/files/02ce78a1508c867a854d250091a19af4-25.php#unique-entry-id-25http://www.KRvW.com/events_log/files/02ce78a1508c867a854d250091a19af4-25.php#unique-entry-id-25In this month’s Computerworld column, Ken delves into the difficulties faced by companies that run app stores. It turns out that vetting apps for security criteria is a really tough problem to solve, and one that’s not likely to happen to any great degree on any of the popular app stores today.
]]>Ken@KRvW.comIn the news2010-03-16T17:41:33-04:00http://www.KRvW.com/events_log/files/952423b348b704dee11034ddfdb26e1e-24.php#unique-entry-id-24http://www.KRvW.com/events_log/files/952423b348b704dee11034ddfdb26e1e-24.php#unique-entry-id-24This month in Computerworld, Ken continues to delve into examples of how the security community has failed the everyday computer user. Click here to read more on user base misconceptions regarding e-mail and Web site safety.]]>Ken@KRvW.comIn the news2010-02-18T18:59:44-05:00http://www.KRvW.com/events_log/files/1ded2874ab387eaef149e562709566c0-23.php#unique-entry-id-23http://www.KRvW.com/events_log/files/1ded2874ab387eaef149e562709566c0-23.php#unique-entry-id-23In Ken’s February Computer world column, he uses a personal experience to point out how computer security has failed the everyday consumer. Click here to read how this experience further supports his argument for an app store for all users. ]]>Ken@KRvW.comIn the news2010-01-18T16:13:27-05:00http://www.KRvW.com/events_log/files/30fb523e0317a491a16e48b9cc417a23-22.php#unique-entry-id-22http://www.KRvW.com/events_log/files/30fb523e0317a491a16e48b9cc417a23-22.php#unique-entry-id-22Happy New Year! Ever resolve not to repeat mistakes? In January's Computerworld column, Ken discusses IT's 5 big security mistakes that industry never seems to learn from. ]]>Ken@KRvW.comIn the news2010-01-18T15:54:49-05:00http://www.KRvW.com/events_log/files/7ed966e5f1a7eef62edb8b72e2245b87-21.php#unique-entry-id-21http://www.KRvW.com/events_log/files/7ed966e5f1a7eef62edb8b72e2245b87-21.php#unique-entry-id-21Are you an app store fanatic? Click here for Ken's December Computerworld column, where he provides his opinion on the app store model for desktop computers.]]>Ken@KRvW.comAnnouncements2009-11-13T15:40:06-05:00http://www.KRvW.com/events_log/files/83760d820727175bc85673f144e079a0-20.php#unique-entry-id-20http://www.KRvW.com/events_log/files/83760d820727175bc85673f144e079a0-20.php#unique-entry-id-20Saltbush Group. Following recent training for the Department of Education, Employment and Workplace Relations (DEEWR), Ken received the following kind words from one of the students in the class:

"Ken van Wyk runs an up-to-date comprehensive course that I would highly recommend it to anyone in this area.

He presents with years of experience and stories, in a friendly, down-to-earth fashion, adjusting his presentation style to the audience. In the course, he presents a balanced approach and explains the cost-benefits of mitigation controls. He never gets carried away and reminds us of the real goal, which is to serve busines. He doesn't try to push any particular vender, technology or system. Nor does he try to sell you any of his books but he will be glad to sign them if you do.

I learnt a lot and really enjoyed the course. Thanks Ken!"

]]>Ken@KRvW.comIn the news2009-11-13T15:22:29-05:00http://www.KRvW.com/events_log/files/5df29ececc51fbaff3c4061f8d35ec3a-19.php#unique-entry-id-19http://www.KRvW.com/events_log/files/5df29ececc51fbaff3c4061f8d35ec3a-19.php#unique-entry-id-19Computerworld is now available. This month Ken offers his opinion on whether the latest SSL vulnerability can hurt you. Click here to read his column.
]]>Ken@KRvW.comIn the news2009-10-12T12:56:14-04:00http://www.KRvW.com/events_log/files/fdbd4fd0d22dd6ea62190919244a14a1-18.php#unique-entry-id-18http://www.KRvW.com/events_log/files/fdbd4fd0d22dd6ea62190919244a14a1-18.php#unique-entry-id-18Computerworld, Ken's column discusses why application-layer defenses belong in the applications. Click here to read his column.]]>Ken@KRvW.comEvents2009-09-09T16:53:06-04:00http://www.KRvW.com/events_log/files/8bbe4c2dda7842f2314c749d2b08a8f3-17.php#unique-entry-id-17http://www.KRvW.com/events_log/files/8bbe4c2dda7842f2314c749d2b08a8f3-17.php#unique-entry-id-17CLCERT / FIRST Technical Colloquium and Security Workshop in Santiago, Chile, on 20-23 October 2009. (NOTE: The Security Workshop is open to the public, but the FIRST Technical Colloquium is only open to FIRST member organizations.)

Contact us directly for further information.
]]>Ken@KRvW.comIn the news2009-09-03T11:34:59-04:00http://www.KRvW.com/events_log/files/d42b88d37b390869c77d02f9dc4a85de-16.php#unique-entry-id-16http://www.KRvW.com/events_log/files/d42b88d37b390869c77d02f9dc4a85de-16.php#unique-entry-id-16Computerworld. Last month’s column discussed vulnerability disclosure, and this month he takes on SQL Injection attacks and how easy they are to prevent.

]]>Ken@KRvW.comEvents2009-08-21T08:12:51-04:00http://www.KRvW.com/events_log/files/c7b76eb9d966e26342dc69f308e52146-15.php#unique-entry-id-15http://www.KRvW.com/events_log/files/c7b76eb9d966e26342dc69f308e52146-15.php#unique-entry-id-15

• 21-25 September: Advanced Incident Handling, Carnegie Mellon University. Ken and Rick are co-instructing for the Software Engineering Institute, delivering their Advanced Incident Handling class at SEI’s Arlington, Virginia USA facility. Details can be found here.
• 28-30 October: IDS/IPS: Intrusion Detection In-Depth. Ken will be delivering this 3-day, in-depth, hands-on workshop in Rome, Italy for Technology Transfer. Details can be found here.
• 2-4 November: Building Secure Web Applications in Java EE. Ken will be delivering this hands-on workshop in Rome, Italy for Technology Transfer. Details can be found here.
• 10-13 November: The Essential Role of Infosec in Secure Software Development. Ken will be presenting this 1-hour technical session at OWASP DC in Washington, DC, USA. Details can be found here.

For any questions about these events or workshops/sessions, please contact us.

]]>Ken@KRvW.comAnnouncements2009-07-21T18:13:50-04:00http://www.KRvW.com/events_log/files/0dbf42190381306cf8372932cae2476a-14.php#unique-entry-id-14http://www.KRvW.com/events_log/files/0dbf42190381306cf8372932cae2476a-14.php#unique-entry-id-14
This optional day includes 3 in-depth coding labs for software developers to fine tune their Java EE skills. The labs include patching existing Java EE code to make it resilient to cross-site scripting (XSS) and SQL injection flaws, as well as adding various role-based access control code to some existing web servlets.

Additionally, in this 1-day add-on, students will get hands-on exposure to a commercial static code analysis tool by analyzing some existing open source Java software.

See our course descriptions for more details, or contact us directly.

]]>Ken@KRvW.comEvents2009-03-10T00:13:25-04:00http://www.KRvW.com/events_log/files/e385b54e460c3fcef1860c31dbe61af0-13.php#unique-entry-id-13http://www.KRvW.com/events_log/files/e385b54e460c3fcef1860c31dbe61af0-13.php#unique-entry-id-13InfowarCon Online for details.
]]>Ken@KRvW.comIn the news2009-02-27T10:50:56-05:00http://www.KRvW.com/events_log/files/cc245b73def6870253e8cd9e2254c6d0-12.php#unique-entry-id-12http://www.KRvW.com/events_log/files/cc245b73def6870253e8cd9e2254c6d0-12.php#unique-entry-id-12OWASP Podcast as part of their ongoing series of podcasts. Click here for a link to the podcast notes.
]]>Ken@KRvW.comAnnouncements2009-02-23T17:35:25-05:00http://www.KRvW.com/events_log/files/1fcafa5414365bf8428010e951c0cbbd-11.php#unique-entry-id-11http://www.KRvW.com/events_log/files/1fcafa5414365bf8428010e951c0cbbd-11.php#unique-entry-id-11course descriptions for details.]]>Ken@KRvW.comIn the news2009-02-03T11:01:14-05:00http://www.KRvW.com/events_log/files/193e5047fd51d1f1a6f9032fa5beefa0-10.php#unique-entry-id-10http://www.KRvW.com/events_log/files/193e5047fd51d1f1a6f9032fa5beefa0-10.php#unique-entry-id-10OWASP: Helping Web Developers Develop Securely, he talks about some of the great work being done at OWASP to help software developers figure out how to write secure web applications.


]]>Ken@KRvW.comEvents2009-01-30T13:05:44-05:00http://www.KRvW.com/events_log/files/3cf456a2eee4ad24764ad2465ef536ff-9.php#unique-entry-id-9http://www.KRvW.com/events_log/files/3cf456a2eee4ad24764ad2465ef536ff-9.php#unique-entry-id-92009 public speaking engagements listed previously, Ken will also be speaking at this year’s FIRST conference in Kyoto, Japan. The conference runs from 28 June through 3 July. Details are available at the FIRST website.

Ken will be presenting a session on “The essential role of CSIRT in secure software development” in which he’ll highlight things that incident responders can and ought to be doing to assist in an organization’s software development efforts.

]]>Ken@KRvW.comIn the news2009-01-12T16:29:55-05:00http://www.KRvW.com/events_log/files/2ea3826989196da6869887f847674620-8.php#unique-entry-id-8http://www.KRvW.com/events_log/files/2ea3826989196da6869887f847674620-8.php#unique-entry-id-8
SANS Institute - CWE/SANS TOP 25 Most Dangerous Programming Errors

Ken helped out early on with the effort by reviewing and commenting on early drafts. It’s a useful effort that should help us better understand the major underlying problems in our code today. The list should be a must-read for all software developers.

]]>Ken@KRvW.comIn the news2009-01-08T09:16:57-05:00http://www.KRvW.com/events_log/files/2b1d7debb3defe5b6d8a20364d172185-7.php#unique-entry-id-7http://www.KRvW.com/events_log/files/2b1d7debb3defe5b6d8a20364d172185-7.php#unique-entry-id-7Hack forces Twitter into 'full security review'.
]]>Ken@KRvW.comIn the news2009-01-07T13:49:53-05:00http://www.KRvW.com/events_log/files/bb365f3385ec72288c29ba3fb21b307a-6.php#unique-entry-id-6http://www.KRvW.com/events_log/files/bb365f3385ec72288c29ba3fb21b307a-6.php#unique-entry-id-6Security Nightmare in the iPhone App Gold Rush is now up.

]]>Ken@KRvW.comAnnouncementsEvents2008-12-03T11:07:17-05:00http://www.KRvW.com/events_log/files/2f7de4a203b4548deb40c5500eb42ce9-5.php#unique-entry-id-5http://www.KRvW.com/events_log/files/2f7de4a203b4548deb40c5500eb42ce9-5.php#unique-entry-id-5
Here’s quick look at some of what we’ll be doing in Q1 and early Q2:

• Ken will be doing a 1-day tutorial on web application security essentials -- inside the OWASP Top-10 -- at ESSoS | International Symposium on Engineering Secure Software and Systems, in Leuven, Belgium, 04-06 February 2009.
• Again for 2009, Ken will be on the faculty for the annual SecAppDev 2009 seminar in Leuven, Belgium, 02-06 March 2009.
• Ken will present a 1/2-day tutorial at SD West 2008, in Santa Clara, California, 09-13 March 2009.

• Ken will be presenting a 3-day in-depth seminar on Intrusion Detection and Prevention for AdAstra, in Singapore, Singapore, 23-25 March 2009.

• Continuing our strong support for Technology Transfer S.r.l., Ken will be teaching an in-depth 3-day seminar on Building Secure Web Applications in Java/J2EE, in Rome, Italy, 27-29 April 2009.
• LATE BREAKING: Ken will be doing a 1-day tutorial on the OWASP Top-10 security issues at AusCERT2009, in Brisbane, Australia, 17-22 May 2009.

If you’re looking for in-depth technical training at your conference or internally at your company, please don’t hesitate to contact us. We’ll gladly work with you to put together a tailored offering that fits perfectly with your needs.
]]>Ken@KRvW.comIn the news2008-12-03T11:05:33-05:00http://www.KRvW.com/events_log/files/dd1e60ed3e94bf214f61a947f4bdd57e-4.php#unique-entry-id-4http://www.KRvW.com/events_log/files/dd1e60ed3e94bf214f61a947f4bdd57e-4.php#unique-entry-id-4Safe Online Shopping: a Tech Expert’s Tips,” Ken provides some pointers that end users can take to be secure and confident in their holiday shopping.

]]>Ken@KRvW.comIn the news2008-11-16T11:21:05-05:00http://www.KRvW.com/events_log/files/98d94d46623174672f3be43c0de442db-3.php#unique-entry-id-3http://www.KRvW.com/events_log/files/98d94d46623174672f3be43c0de442db-3.php#unique-entry-id-3 found here on datamation.

]]>Ken@KRvW.comIn the news2008-10-07T12:58:13-04:00http://www.KRvW.com/events_log/files/fcd95f4b7bf4c7450c013a2c3737f592-2.php#unique-entry-id-2http://www.KRvW.com/events_log/files/fcd95f4b7bf4c7450c013a2c3737f592-2.php#unique-entry-id-2October column has hit the web.

This month’s topic was about understanding how users will make use of security features in products, and using that knowledge to make the products better.
]]>Ken@KRvW.comIn the news2008-10-01T09:51:54-04:00http://www.KRvW.com/events_log/files/67fb9cc3cb5e149754a4957d8f3bf140-1.php#unique-entry-id-1http://www.KRvW.com/events_log/files/67fb9cc3cb5e149754a4957d8f3bf140-1.php#unique-entry-id-1Gary McGraw’s Silver Bullet podcast. The podcast is available for listening or download here.

The topic was on software security, covering many aspects of what is happening in the field today.

]]>Ken@KRvW.comAnnouncements2008-09-29T14:31:40-04:00http://www.KRvW.com/events_log/files/9841ccce9d2dc0be81ee88cd975d1230-0.php#unique-entry-id-0http://www.KRvW.com/events_log/files/9841ccce9d2dc0be81ee88cd975d1230-0.php#unique-entry-id-0
Ken
]]>