Attack Patterns: Knowing Your Enemy in Order to Defeat Them [PDF]
As presented at Blackhat DC 2007.
Pragmatic Secure Architecture
Presented at the Washington, DC Regional Chapter meeting of IASA.
Is Secure AJAX an Oxymoron? [PDF]
As presented at SD West 2007.
Software Security: Building Security In [PDF]
Presented on CFI-CIRT Professional Development Day in Toronto, ON, Canada.
Exploiting Software: How to Break Code
Exploiting Software: How to Break Code (2004)
This talk has been given at NCSU and Johns Hopkins.
Exploiting Software: How to Break Code (2004)
Invited Talk at Usenix Security 2004 (San Diego).
Software Security Clue Distribution: Can we teach things like security?
17th Conference on Software Engineering Education and Training (CSEE&T) keynote on education and software security
XP and Software Security?! You gotta be kidding
INET 2002 Wireless Security Tutorial
Internet Security: Issues and Trends
Software Fault InjectionJava Security Architecture: Risks and Realities
Why Monitoring Mobile Code is Harder than it Sounds
Attacking Malicious Code: The evolution of attack code and defenses against it
Managing Risks in Complex Systems: Policy enforcement and software security (PPT format)
Making Threat Modeling Useful to Software Development [PDF]
As presented at QCon, San Francisco 2007.