Once upon a time, I kept essays in a special place here. That’s changed: almost everything new ends up in my blog. But I’ll still put some of the more essay-like blog entries here, and talks that I give.

Enhancing Your Sites with JavaScript (audio)
This is audio of a talk I gave at MinneWebCon, a one-day conference for web designers and developers at the University of Minnesota. My emphasis was on taking functional pages and layering helpful behaviors onto them with unobtrusive JavaScript.
Web Application Security (parts I & II)
Zip file of slides from two talks I gave at the Minnesota State Colleges and Universities IT Conference in April 2007. Sorry, the slides are graphics-intensive, so it’s something like a 13 meg download. The first talk looks at web app security in general, using the OWASP Top Ten as the focus. The second talk zooms in on SQL injection, cross-site scripting, and cross-site request forgery.
Web Accessibility for Online Faculty
A talk about web accessibility aimed at Century College faculty teaching online courses. More and more, courses are being put online or have online components, but faculty have no idea how to make web-based materials accessible. They’re just not given training like you’d hope that web designers and developers are (cough! cough!). This was very non-technical, just exposing faculty to the concepts and giving them some concrete things they can do right away to make their courses more accessible. I’ve made a .zip file of the handouts, but a lot of it’s also on a wiki.
Ruby On Rails
An introduction to Ruby on Rails and why I think it and other similar frameworks are poised to be the future of web application development. I have since eased off that position a bit. Rails et al. are, or should be, the near future of web app development, until we snap out of our obsession with MVC.
Input Validation and Form Security (PDF)
Slides from a talk I gave to the Twin Cities PHP User Group in August 2005. I normally refuse to post slides from my talks, since outside the presentation they’re not too useful, but the group prevailed against my better sensibilities. I actually prepared only the latter fourth of these slides for this presentation; the first three-quarters of them were from presentations that I’d done earlier and decided on the spur of the moment to include.
Web Application Security Testing (.zip file of handouts)
Notes and handouts from a presentation I gave at the Minnesota State Colleges and Universities IT Conference in April 2005. I start out with penetration testing, but the point of the talk is that pen-testing is not enough: security needs to be integrated throughout the software development lifecycle. Handouts include the OWASP Top Ten, the OWASP Penetration Testing Checklist, an overview of threat modeling, countermeasures for the OWASP Top Ten, and a list of the tools and checklists that I discussed during the presentation. webappsec-handouts.zip.
Misuse Cases
Expanding on the idea of use cases to help elicit security requirements.
Email Form Security
Thoughts on safely handling web contact forms that generate email.
Cross Site Scripting
A quick overview.
Cross Site Request Forgeries
Yes, another quick overview.
Web Application Security
Notes for a presentation I gave at the Minnesota State Colleges and Universities IT conference, April 2004. I gave a tutorial presentation on regular expressions at the same conference but don’t have notes.
Web Accessibility
A collection of pages that I wrote about web accessibility for Minnesota State Colleges and Universities, to accompany training for system web designers & developers.
Thoughts on Smarty
Some thoughts about the popular PHP template system Smarty, a couple months after I started using it. March 9, 2003.
XML, End-to-End Network Design, and Content Management.
An exploration of ideas for how XML could be used in a content management system.
Choosing a Good Password.
I wrote this around 1999 or 2000 out of frustration with dealing with clueless users. People who thought that “snowball” and “titanic” were good passwords. For the record: the title of the highest grossing movie of all time is not a good password. This is a bit dated now, and I should update it.
Brief Introduction to Digital Signatures and Public Key Encryption
Just like it sounds.