
[MENTORING] Registration Closes 18/05/2012

To get involved, simply download the appropriate form, complete it and return it to info@in2security.org.nz. If you put [MENTORING] in the subject it would also be much appreciated.

Applications received by 18th May 2012 will go into a draw for a signed copy of Bruce Schneier's Liars and Outliers!

To get a mentor: Download the protégé registration form

Ethics. The hardest subject of all.

The purpose of this track is to develop your skills in being able to identify and exploit vulnerabilities.

It may sound odd, but when doing this for a living there are a few ethical issues that need to be considered.

Not too long ago, finding bugs and writing exploits was simply a hobby for many enthusiastic researchers. However, with the rapid growth of the internet (and therefore the number of internet-facing systems), demand for solid vulnerability research and exploit code has grown significantly over the last 10 years.

You Can't Defend A Network You Don't Understand

So, it's been a couple of weeks since my last post and (with a little help getting your gear in order) you should now have a pretty good toolchain that you are comfortable using, as well as some fundamental knowledge of *nix, regular expressions and scripting that you are eager to put to use!

[New Series] Don't be a Dick (Professional Issues)

As in2securITy finds its rhythm, some obvious patterns will start to occur: recurring themes that cross between or overlap specialisms and affect us all.

One of these themes was quite succinctly described by Metlstorm (Kiwicon organiser and generally awesome NZ security guru) in his opening address at Kiwicon 5. It went something like this:

‘Don’t be a dick’

Like I said, it’s succinct but it works.

[Free Courses] Loads of Video Lectures and Online Labs from Carnegie Mellon

Today one of our readers spotted our favourite sort of sentence while navigating the CERT part of Carnegie Mellon Software Engineering Institute (SEI).


The SEI makes a portion of its information security training material available to the public without registration in the interest of improving network security across the globe.

Winner!

[Event] Wellington Meet Up and Social (01/05/2012 : 18:30 onwards)

Location: The Malthouse, 48 Courtenay Place, Wellington
Date: Tuesday 1 May 2012
Time: 18:30 – 20:30

Ladies and Gents, I am pleased to announce that Tuesday 1st May 2012 is the first Wellington in2securITy social event.

Come along to The Malthouse (http://g.co/maps/ba42p) from 18:30 for a drink (doesn't need to be alcoholic if that's not your thing) and get to know some of your fellow participants and professionals.

Everyone is welcome and it's free to come along. All you need is spending money for drinks.

[Mentoring] Registration now open

One of the key aims for in2securITy is to provide those who are pursuing a career in or around IT and information security the chance to engage with a mentor.

Mentoring has been around in one form or other for as long as there have been people. The older and more experienced have traditionally helped those starting out. Whether it is through teaching practical skills, answering questions or introducing new contacts, a mentor can be a valuable tool at any stage of your career.

Mistaken Identity – Suggestions for Password Recovery Design By Nick Freeman

Introduction

This post is a summary of a presentation I recently gave at one of the local OWASP meetings. As a web application penetration tester, I frequently encounter applications that have rolled their own password recovery mechanism or poorly implemented an existing solution. The impact of vulnerabilities in these mechanisms varies from information disclosure through to compromise of the entire application – so it is certainly a topic that warrants discussion.

We’ll cover a few of the more common issues in this post, as well as some suggestions for avoiding them.

A message from the editors

Communities are powerful things. When we first sat in a restaurant pondering the possibility of starting something to promote the security industry to those just starting out - we knew it would be the community that made it great.

And we were right.

You guys (oh mystery readers on the Internet) are what makes this project work. Your comments and feedback are helping shape how we do things and let us know what is working for you (and what isn't).

We don't always get it right.
