The last day of the 2008 OWASP AppSec conference in New York City has passed!

Chris and I saw some excellent talks, including one that introduced a tool that actually scared Chris with its effectiveness – but I’ll let him tell that story. One of my favorites was “Agile Development and Security” which predictably talked about how to develop securely while using the Agile methodology. Innova isn’t specifically an “Agile” shop, the talk was still extremely helpful.

Overall, the whole conference was a smashing success! Aside from NYC, which is just plain awesome, the training and various speakers got Chris and I in a security-conscious mindset. The training, for me at least, reinforced a lot I already knew and taught me plenty that I didn’t. The speakers I saw outlined how attackers think, and how to implement the various things we’ve learned in real production environments where everything isn’t milk and honey. We’re identifying places where we can implement these things, and trying to come up with a good presentation to give to the Innova crew and the local OWASP chapter that covers everything.

Tomorrow we’re just going to tour the parts of Manhattan that we haven’t walked around yet, and I’ll be back in town late Friday night! NYC is awesome, and I’ll damn well miss it, but I’m looking forward to the comforts of home!