There sure seems to be a number of application and information security conferences to attend in 2012 (OWASP, Blackhat, RSA, etc.) --- but which ones would this list recommend to someone who is trying to gain a better understanding on how to improve the overall application security posture in their organization. Keep in mind that my own application security knowledge (how to hack, how to prevent hacking) is still very low when compared to most of the people I see contributing to this discussion list. So I am definitely looking to grow my knowledge in this area as well so that I can better communicate with the development areas when trying to sell them on the importance of application security. Thanks, M

For appsec I would hit the larger OWASP events. More details at https://www.owasp.org/index.php/Category:OWASP_AppSec_Conference . - Robert A WASC Co Founder/Moderator of The Web Security Mailing List http://www.webappsec.org/ http://www.qasec.com/ http://www.cgisecurity.com/ On Wed, 21 Dec 2011, Mike Gleiter wrote: > There sure seems to be a number of application and information security > conferences to attend in 2012 (OWASP, Blackhat, RSA, etc.) --- but which > ones would this list recommend to someone who is trying to gain a better > understanding on how to improve the overall application security posture in > their organization. > > Keep in mind that my own application security knowledge (how to hack, how > to prevent hacking) is still very low when compared to most of the people I > see contributing to this discussion list. So I am definitely looking to > grow my knowledge in this area as well so that I can better communicate > with the development areas when trying to sell them on the importance of > application security. > > Thanks, > M >