Julian Berton

Hey, I'm Julian Berton, author of this blog, organiser of the OWASP Melbourne chapter and Application Security Engineer at seek.com.au. I also regularly speak at events and train technology professionals about all things application security!

Running a Bug Bounty Program - TConf 2017

08 Dec 2017

I recently spoke at TConf 2017, an Australian quality assurance conference, about how bug bounty programs can be a great control to reduce security issues within your web applications. It covered how to run a bug bounty program, their pros and cons and an update on seek.com.au’s program, including a show and tell of a few recent bugs that have been reported! This was a slightly updated and shortened version of the talk I presented at NDC 2017 this year.


Running a Bug Bounty Program - NDC Sydney 2017

17 Aug 2017

I recently spoke at NDC Sydney 2017, an Australian developer conference, about how bug bounty programs can be a great control to reduce security issues within your web applications. It covered how to run a bug bounty program, their pros and cons and an update on seek.com.au’s program, including a show and tell of a few recent bugs that have been reported!


Defensive Application Security in a Modern Organisation - Parts 1-4

10 Jul 2017

Defending web and mobile applications against the bad guys has always been hard; there is no escaping that fact. However, it doesn’t seem to be getting any easier either. Evolving development practices (Agile, DevOps, CD/CI, IaC) have a big part to play, but there are several other trends that are also not helping the situation. So in this modern world of development, how can we better secure these applications?

The short answer is we need to change the way we approach application security, by designing an application security programme or secure software development lifecycle (SSDLC) that fits better into these evolving development practices…


Thinking Like A Hacker - DDD Melbourne 2016

13 Aug 2016

I presented a slightly updated version of my DDD Sydney deck at DDD Melbourne about what motivates hackers to break into systems and how you could approach securing your company’s web application at scale. DDD Melbourne is a non-profit community event in Melbourne run by developers for developers.


Thinking Like A Hacker - DDD Sydney 2016

29 May 2016

I presented at DDD Sydney about what motivates hackers to break into systems and how you could approach securing your company’s web application at scale. DDD Sydney is a developer-focused conference held in Sydney, Australia.


Bypassing Root Detection on Android

30 Jan 2015

During a penetration test of an Android or iOS application, you may encounter what are called binary protections, which the developer implements to hinder an attacker from easily analysing the application. Some of the more common protections are SSL pinning, code obfuscation and root detection. This article explains how to bypass the latter, namely root detection on Android.
