Telling Stories About Software Development w/Mark Mahoney
Modern version control systems are more like collections of still photographs than moving pictures. Moving pictures do a much better job of capturing evolutionary changes. A storyteller can use moving pictures to tell compelling stories that are easier to digest than traditional documentation.
This talk demonstrates the Storyteller version control system. The tool aims to change the way software developers learn by opening up for examination how they do their work. The tool has traditional version control functionality (branching and merging) and records how development work is done, organizes it, and allows it to be played back for others. Most importantly, the tool allows developers to tell stories about what they did and why. It captures institutional knowledge that would otherwise be lost and allows developers to learn from each other.
Mark Mahoney is the chair of the computer science department at Carthage College in Kenosha, WI. Before that he was a software engineer at Motorola. Dr. Mahoney leads groups of undergraduate researchers examining how to make it easier for software developers to learn from their code repositories and from each other.
Update (12/13): Danny Harris will also be giving a talk on Authentication Issues.
Authentication Issues: Design and Implementation w/Danny Harris
This session focuses on authentication design and implementation issues commonly found in web applications. The goals of this session are as follows:
- To understand the common attacks against passwords and authentication services.
- To become familiar with some important password and authentication-related security patterns.
- To learn how to protect passwords in web applications.
These are the topics we will cover:
- A Very Short Introduction to Cryptography
- Threat Modeling and Password Attacks
- Security Design Patterns
- Password Storage Problem
- The Authentication Process
- Password Reset/Change Problem
- Email Threats
- Delivering Passwords Securely Problem
- Practices for Secure Authentication
Danny Harris is the Application Security Software Development Lifecycle and Training Manager at Aon. He developed role-based coursework for comprehensive application security education. He also established a Secure Software Development Lifecycle framework for global development teams and created the roadmap for implementing new processes to increase software security controls based on the Building Security In Maturity Model (BSIMM).
Specializing in security awareness training, Danny is responsible for the delivery of key security awareness training for the organization, as well as for the development, implementation, and maintenance of the corporate information security websites. He also was instrumental in the development and refinement of corporate security policies, standards, and procedures.
Danny's information security skills include conducting security audits and security vulnerability and risk assessments. Additionally, he functions as a consulting engineer and architect for secure network systems, with extensive involvement in the deployment of E-Mail content filtering and virus scanning at Aon. Danny is a member of Aon's Information Security Incident Response Team, where he assists with incident handling. He also evaluates and recommends security products for Aon.
Danny was an Adjunct Professor at Wilbur Wright College (Chicago) in the Computer Security and Forensics Investigation program for seven years and was an Instructor with the SANS Institute for five years.