I got up early Monday morning to start day one of the Blackboard Developer’s Conference. It was my first time to this conference and I made sure to be there early. The breakfast was great with some time to visit with great colleagues. The opening keynote included discussions about Mobile, Blackboard Learn, API improvements and the like.
I spent the first session talking with Heather, George Kroner, and a few others in the Ask the Experts area. I got some great insight and gave some feedback about the new Behind The Blackboard. I wish that everyone at the conference would get the experience of talking, and I mean really talking to a Blackboard employee about something that you want to give constructive feedback about. It’s great to know that Blackboard wants to hear the feedback from attendees.
I then caught Matt Saltzman’s presentation. Matt (who was awesome as a support and Tier 3 Engineer) is now a Security Engineer. He talked about how Blackboard uses IBM’s Rational Appscan software to find security issues in it’s software. Blackboard classifies different options and uses the CVSS score to calculate where a vulnerability might be classified. A CVSS calculator is available to use at http://nvd.nist.gov/cvss.cfm?calculator&version=2 He then gave us an example site where he stepped through the process to test a security vulnerability. One good tool to use is a Firefox plugin called Tamper Data which sees the request after it’s sent but before it reaches the server.
Classifications
- Injection attacks includes SQL injection, XML injection, OS Command injection, etc.
- Cross Site Scripting
- Insecure Direct Object Reference
- Cross Site Request Forgery
Matt then walked through the scan and review process using Appscan. It was a really insightful time.
The afternoon then started with a discussion on the future of open source and the LMS. The discussion included a panel with: Mark Drechsler, Phill Miller, Tom Murdock, Mark O’Neil, Chuck Severance, and Chris Borales moderated the discussion. See below for two videos from that keynote.
Malcolm Murray (@malcolmmurray) finds standing room only at a #DevCon #BbW12 presentation on error logs.
I wrapped up the day with a presentation from Matt Saltzman again. This presentation discussed how to understand the log files. It was a standing room only presentation (see the picture on the right). I found a lot of great information, and I haven’t gone over all the details.
Then the evening wrapped up with a Client Appreciation Party at the House of Blues. This is one of the best parties I’ve ever been to that Blackboard has thrown! Just an awesome evening (even got my tarot cards read! ;)) but it made for a long night. Tomorrow offers a lot of information to digest and the start of the Blackboard World portion of my week.
Thanks for all the attendees, presenters, Blackboard employees, and partners for their great conversations today and those to come!
Terry, glad you had a good time at DevCon this year! We’ll definitely have to catch up on the BbStats questions you had.
Terry, glad you had a good time at DevCon this year! We’ll definitely have to catch up on the BbStats questions you had.