Application Security Meme

The point of the appsec meme is not to discourage people from security but to encourage education and professional advice.  Often people make judgement calls on security from a very limited position of knowledge that are not helpful at best and sometimes even damaging to a program.

Strong Application Security Focus Continues at JavaOne 2015

JavaOne is a software developers' conference held each fall in San Francisco, California.  The conference is held at the same time as Oracle’s larger product conference – OpenWorld.  Together both events bring in about 110,000 attendees to the city.  Many streets near the Moscone Center and O’Farrell are only open to foot traffic and serve snacks and beverages to attendees.  There’s something decadent about drinking a hot latte in a recliner on a blocked off street in the middle of San Francisco.

I thought a post was in order since many are surprised to learn Oracle’s JavaOne conference has a security track.  This year is the third year for the security track at JavaOne.  I can’t share too much about this year’s track just yet but I can share about last year’s track.  In previous years, the security track included around 40 sessions held over the course of the conference week.  Content covers various areas like open source projects, technologies, platform security, labs, and more.  Many industry verticals are covered like finance, insurance, banking, government, academia, as well as independent researchers.  A key differentiator for JavaOne is that conference sessions are defensive in nature.  For example, we focus on defensive techniques developers use to strengthen software applications as opposed to offensive techniques to exploit software weaknesses.

JavaOne 2014 Security Sessions (Article)

The security track is not the focus of attention for JavaOne so we don’t have a keynote like other tracks but we provide an opening presentation that launches the track.  Following is the presentation I provided last year to give you some background.

One thing I will say about JavaOne 2015 security track and opening session – you will love it!  To launch the event I invited a security hero of mine.  He’s an early luminary in the security industry, a company founder, testified before Congress on security, interviewed on film, and more.  He will be doing most of the speaking this year and I’m looking forward to his presentation.

JavaOne 2014 USA, Security Track Amazeballs! (More information on JavaOne 2014 security track)

How interesting the security track at JavaOne is depends upon you!  JavaOne is community driven.  Got an interesting proposal on security for JavaOne?  We would love to hear about it.  The CFP is still open but closing soon.

Submit JavaOne 2015 Proposals (Oracle Speaker Registration)

See you at JavaOne!

Drone Flight Training Continues 3

Regarding the crash at the end of the video:  Raw footage shows the motors were disarmed in flight (RAW VIDEO).  Unfortunately, it’s more difficult to determine why the disarm occurred.  Originally, I was thinking I may have disarmed accidentally by hitting a switch on the transmitter.  Now I’m not so sure.  Saw the following post on Reddit, “Naze32 has unarmed mid-flight a couple of times.”  Maybe a software bug.  Brings a whole new meaning to the phrase – server crash.  Software bugs and vulnerabilities of the future will be devastating and touch more than our bank accounts.

Photo: before crash
Photo: after crash

Thankfully, the crash is not as bad as it looks.  I keep lots of parts on hand but I may need a new flight camera and a new motor, which was torn off the arm in the crash.  All in all, I’m pretty happy about this flight since flying has been tough for me to master.

Last updated April 28, 2015

I figured out the cause of the crash.  Turns out my Naze32 flight controller board from Abusemark is bad.  Instead of running Cleanflight I tried Baseflight this time.  During a flight yesterday I noticed some flashing of the “Disarmed” message across the magnetometer heading in my Fatsharks.  I landed the craft immediately.  I really like the Naze32 architecture but there may be some quality control issues.  To work around these I decided to look at clone boards like Dragonfly32 and Mullet32.  I ordered a Mullet32 pre-soldered with right angle connectors.  Strange to order a clone for the purposes of better quality and not cost savings.  Seems like I spend hours on the ground for every 10 mins of air.  Keep trying.

Drone Flight Training Continues


Flight testing new expo settings from Milton Smith on Vimeo.

I have graduated from hover testing to actually flying controlled around a field.  Strange but I always thought the challenge with this project would be building the aircraft and software.  It turns out flying is not as easy as it looks but I feel like I’m starting to get the hang of it.  Meanwhile, it gives me some time to think about what I can do with a small aerial platform from a security angle.  Anyway, this has been a really fun project.