Tuesday, April 7, 2009

OWASP - Ottawa and Montreal

First let me say that it's been a blast so far getting in front of these two new OWASP chapters!  Sherif and Benoit are doing a marvelous job getting people excited and engaged... and I wish you best of luck  - hopefully our pathes will cross again in the near future.

Now... I have to make a few comments on the last 2 nights -

The Ottawa group was awesome, met a lot of great people and had a fun time - I hope you all enjoyed the talk and topic, and feel free to contact me either through Sherif or directly if you have any follow-up question!  You know you're hanging out with a unique group of people when it's 10:30pm and suddenly you're talking about thermite... yea, thermite.  (I told you I'd blog about it!)  Guys, Moxie's was amazing... quite the place to be definitely.

My night here in Montreal was overwhelming.  I couldn't have asked for a better turn-out, a nicer facility (special thanks to the folks at CN for hosting!) and a more engaging conversation afterwards.  Here are some pictures from the room we had - it was truly a humbling experience!


And of course... you can't quite call it an awesome night in Montreal without running into a celebrity at a bar... 

Pat Quinn at some random Irish bar... nice!


Anonymous said...

Hi Rafal,

I recently assisted to one of your Hacking the 2.0 web workshops and it really opened my eyes.

However, I would still like to build a FLASH website that contains a section for our members.

Since all members will have to be stored in a database, I was wondering if you could let me know if there is any way to build this section securely (not compromising our members database)?
(some friends mention this could be done through a POST but I'm not too sure this would help).

Thanks in advance!

Rafal Los said...

There are plenty of ways that make it OK to send data back and forth between the flash (client) and the server. Keep in mind that everything that you send to the client (or on the client side) can and will be compromised.

I do not recommend using Flash to connect to a database, unless you come up with an abstraction layer (or conduct your connections via a web-service model) which prevents direct database access from the Internet (or Flash client).

Good luck.

Anonymous said...

Hi Rafal,

Thanks for your help and keep up the good work! :)