Web applications will be the focal point at this year’s OWASP New Zealand Day 2010, the annual conference where computer security experts gather to talk about the latest security problems – and some old ones that still haven’t been eradicated. Applications have become a major headache for the IT security industry. They’re those handy little tools you download to perform specific tasks; common apps include email programs, media players and document readers. The problem is, too many of these apps are designed in haste and security is an afterthought. Loading a poorly designed app onto your computer can give hackers a way in to do bad things. They find a vulnerability in a specific application, then devise a way of detecting computers that have it installed. So topics at this year’s OWASP (it stands for Open Web Application Security Project) will include threat modelling of web applications, privacy concerns with applications, countermeasures for web application vulnerabilities, and secure application development. “We will not just be showing attacks, but also giving a lot of recommendations to the audience,” conference convenor Roberto Suggi Liverani told NetGuide. “Because we have a lot of web developers, system administrators and IT managers attending, and they want not just to understand the attacks, but to know how to fix them.” Because New Zealand still lacks a dedicated Computer Emergency Response Team (CERT), conferences like OWASP are important because the local security experts get to share information – something the bad guys are doing too. “If you search, you can find websites where hackers discuss the vulnerabilities they’ve found in websites, and ask other hackers to see if they can compromise them further,” Suggi Liverani said. “And the owners of the sites don’t realise these vulnerabilities are being shared.” OWASP New Zealand Day 2010 is being held at Auckland University on July 15th. Attendance is free but registration is compulsory. See tinyurl.com/2cguyw7 for more.