February 2009 - Following the White Rabbit Blog
Enterprise Web Application Security: Part 1 - The Foundation
The term "Enterprise Web Application Security Program" has been evolving. It generally refers to a corporate IT program which includes web application code in some way, and has traditionally meant either a white-box approach or a black-box...
Published 02-20-2009 3:10 PM by RafalLos
Filed under: web application security, enterprise web application security program
An Unfortunate Case of Learned Behavior
One of my all-time favorite quotes is "When all you have is a hammer, the whole world is a nail"... but lately that quote has started to apply to the practice of web application security programs, and that's causing me to start losing...
Published 02-10-2009 4:25 PM by RafalLos
Filed under: program failures, program secrets, web application security program
Defining Security as a Business Requirement
This post is a follow-up to the previous one on QA: Defect vs. Vulnerability. All the highly-intelligent responses I received got me thinking further, and so here I present my additional thoughts. This may not be revolutionary - but given the response...
Published 02-05-2009 4:53 AM by RafalLos
Filed under: functional specification, quality, process, application security, web application security business case, software quality, software security, QA
QA Lesson - Defect vs. Vulnerability
Back in April 2008 one of my very first posts to this blog was titled "Security Vulnerability != Defect; Why?" and it stirred some discussion. Over the past year I've spoken to more QA teams than I can probably remember, and the message...
Published 02-03-2009 8:34 PM by RafalLos
Filed under: terminology, QA