Sam Buchanan's weblog.

Web App Security presentation

My web application security testing presentation at the MnSCU IT Conference last week went alright, though not as well as I'd hoped. For all I know I'm the only one who was disappointed, though, and that's because I had too-big plans for it. It could have been improved by cutting about 20 minutes of content and planning for more audience interaction: stepping through a threat modeling session, for example, or trying live pen-testing. This was indeed what I intended, but it didn't pan out. I spent a lot of time preparing for the talk — reading, thinking, hacking — but in the end gave inadequate preparation to actually prepping the talk itself, especially being ruthless about what did and did not end up being included. At least I had handouts this year, although I'm already catching heat for my refusal to share the presentation slides. I maintain that the slides are useless outside the context of the talk itself, though that may just be arrogance on my part.

Out of this, two resolutions:

I expect that I can make good on these without too much trouble.

The conference itself was good. No breakout sessions really stood out as fantastic, life-changing events, which is a shame. The best part was probably long conversations with colleagues, something for which there's never opportunity at the office. (It's funny how talking about early Christianity and the process of how texts enter the canon tends to drive others from the breakfast table. :)

I came back from the conference exhausted and a week behind in my reading. Somehow I expected to be able to sleep and read a whole lot more than turned out to be possible.

Update: I've posted my presentation notes.