In this interview, TechWell speaks with Mike Benkovich, who's been a business owner, database administrator, developer, author, and evangelist. At STARWEST, he had a presentation titled "Testing Application Security: The Hacker Psyche Exposed."
Jennifer Bonine: All right, we are back with another round of interviews. We have a couple back to back here for us, and I'm here with Mike. Mike, thanks for joining me.
Mike Benkovich: Well, good to be here.
Jennifer Bonine: We just figured out Mike and I are actually both from Minneapolis, that area, so we're both in the same area and know a lot of the same things, probably. Why don't you give, for folks out there that haven't had a chance to meet you before, your background. It's not your traditional tester that you see running around.
Mike Benkovich: I do test, because I build software, but I'm more on the building side. I'm a developer. I've worked for a number of years for Microsoft doing evangelism around cloud and around Visual Studio, and all the tools that are part of that. Lately, since I left there, I've been building connected mobile apps.
Jennifer Bonine: Very neat.
Mike Benkovich: Doing a talk later today on hacker tricks.
Jennifer Bonine: Hacker tricks. For those who don't get to see that one, unfortunately, because it's not broadcast, what are some of the sneak peeks into what people get during the hacker tricks session this afternoon?
Mike Benkovich: It's kind of a fun talk, because what we do, we start out ... we get a volunteer from the audience, we steal their credit card, buy thirty thousand dollars' worth of stuff, and ship it to my house.
Jennifer Bonine: That's awesome.
Mike Benkovich: Oh, yeah. Then we show you how to prevent that from happening to you. We really go through and have a lot of fun with it. There's this OWASP, which is the Open Web Application Security Project, that has the top ten exploits. You're able to go out and see what kinds of things are coming at you, and it's sort of like, if you're—to use a sports metaphor—in football, if you don't see the guy coming from the side and get blindsided, it hurts.
Jennifer Bonine: It's not good.
Mike Benkovich: OWASP is all about educating and informing people about what kinds of exploits are out there. My talk goes through the mechanics of how does it actually work, instead of just reading about it. We actually sit down and do it, and show you the mechanics of, okay, this is what it's doing.
Jennifer Bonine: I bet that's a scary realization for some people when they sit down and see how easy it actually is for hackers to come in and steal credit cards, and get stuff taken from them. Identity theft has become so huge. I know it was a big deal when the head of one of the organizations gave out his personal Social Security number, and everyone was like, "Wow, why would he do that?" It was for LifeLock, I think, was the one that did it, saying, "I'm confident we'll protect my identity." That was scary for me—for him.