April 2008 - Following the White Rabbit Blog
What's the point of "penetration testing"?
Over the last 8 years in IT Security, I've had at least a professional interest in the idea of penetration testing and the opinion of this service has evolved as the IT Security market niche matures and grows. I wanted to take a minute to discuss...
Published 04-04-2008 1:45 PM by Rafal Los
Filed under: penetration testing, services, hacking, tools, webinspect
Navigating the PCI DSS Standards...
For those of you who keep up with the PCI DSS standard, the council today has issued an update titled: Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified. The standard item 6.6 has been further clarified in one of...
Published 04-22-2008 11:18 AM by Rafal Los
Filed under: testing, tools, web application, PCI DSS, assessments
In "cyberspace"... no one can hear your database scream
It's 2:34am, local time. You're snoring up a storm after a hard day at the office. You've patched all your servers, your lockdown scripts have been verified, and your IDS is humming along perfectly. Oh, and by the way, someone named "R0kk1t"...
Published 04-09-2008 11:01 AM by Rafal Los
Filed under: security, hacked, web application, defense, alerting
"Security Vulnerability" != "Defect" ; why?
It's one of those obvious things. A defect is a defect, right? Whether the airbag is faulty, or the gas cap doesn't hold pressure... a defect is a defect. The strange thing is - it hasn't been that way, and still isn't that way, in most...
Published 04-01-2008 10:18 AM by Rafal Los
Filed under: development, testing, quality, functional specification, security, vulnerabilities, defects
The Politics of Getting Hacked
It's the words that keep IT Security Managers up at night - "We have a problem, I think we've been hacked". Of course, there are few possible responses... Acknowledge Responsibly - You can acknowledge what has happened, open an investigation...
Published 04-06-2008 2:07 AM by Rafal Los
Filed under: incident, hacked, crisis management, breach, politics