OWASP DeepViolet TLS/SSL Scanner, [Project Wiki] DeepViolet is a TLS/SSL DAST tool. DeepViolet binaries come packaged for use on the command line, as a desktop application, or alternatively as an API to include within your own projects. What can you do with DeepViolet? Scan your web server for information regarding TLS/SSL connection characteristics like: weak cipher suites, weak signature algorithms, certificates about to expire, examine certificates and certificate chains, download certificates for offline review, and more. DeepViolet is used within the ZAP DAST project to support TLS/SSL scanning. ZAP is one of the largest open source web application security scanning tools and an OWASP flagship project. I am a project leader for DeepViolet and developed the original code.
Iron-Clad Java: Building Secure Web Applications, [Book] book project on web application security I did with friends, available on Amazon
OWASP Security Logging Project, [Project Wiki] software project that extends popular SLF4J compliant loggers like log4j and logback to include features helpful for security and auditing. I am a project leader and code contributor with two others
OWASP Board Election Interviews, 2017 [Post w/Audio], 2016 [Post w/Audio], 2015 [Audio], interviewed as a candidate for the OWASP board
Oracle Podcast: Java Spotlight Episode 142: Milton Smith on the JavaOne Security Track [Audio], Advance to around 4:30, interview by Roger Brinkley regarding security improvements in Java and work on JavaOne. Introduces the addition of the Security Track at JavaOne, discusses new security features, and shares insights on security remediation progress.
DEVOXX Interview: Interview on Java Security by Yolande [Video], interview regarding security improvements in Java
Java User Group Leaders Call [Audio], and related viral press InfoWorld, ComputerWorld, San Jose Mercury News, Application Development Trends, PC Magazine, The Register, IT News, and more. I didn't provide any remarkable news on the call, but the call came at a time when the public desired a response from Oracle around a series of high profile vulnerabilities.
Article for Java Advent 2018, Java Data Protection Recommendations. Erik Costlow and I briefly cover a few common Java cryptography challenges encountered by developers on their projects.
Black Hat 2013 Conference Featured Presentation, Oracle: On Java Security, [Web] invited by BH leadership to present candidly on Java security under Non-Disclosure Agreement to top world technology leaders. One of three featured presenters, alongside Alex Stamos [Yahoo CSO] and General Alexander [16th Director of the National Security Agency]. An honor and amazing opportunity.
Black Hat 2018 USA, DeepViolet TLS/SSL Scanner, upcoming event, more on this soon.
Black Hat 2016 Europe, DeepViolet TLS/SSL Scanner, [Web] presenting November 2016 in London. My slide deck [Slides].
OWASP 2015 AppSec USA Conference Committee, [Web] conference organizer, review researcher submissions
Java 8 Security Highlights [Video], presentation describing new security features for the JRE. More of a marketing video than deep detail but it was fun to participate
JavaOne Conference Security Track/Content Lead, 2013, 2014, 2015, 2017, security track founder/leader, conference organizer, review researcher submissions. Made security a priority at JavaOne by adding it as a full track. Track leader for a few years. Presented several opening track sessions [Video] describing progress on Java security for attendees. Oracle cannibalizes the previous year's conference website to create the new site, so I'm not sure where older content is located.
OWASP AppSec USA/EU Presenter, presented in the past at both OWASP AppSec USA [Video] in New York City and AppSec EU in Hamburg, Germany [Slides]. Also presented at AppSec EU 2016 in Rome on the OWASP Security Logging Project [Slides].
All Day DevOps Track Leader, world-wide free virtual event hosted by Sonatype. I hosted the DevSecOps track
ISC^2 East Bay Chapter, 2017, presentation on security career survival.