OWASP AppSec EU, slides, pictures and experience
Update 02/07/2011: Arian Evans recently clarified he is really “Arian Evans” and not “Adrian Lane”, so I fixed that in the post below. Arian Evans gave the talk on the Six Application Security Metrics. Apologies for confusing the names :). Update 23/06/2011: Dreyer just clarified to me that int3pids were really third and not first …