Browse by Tags - Following the White Rabbit Blog
web application security
Quality Engineers & Testers - StarWest is Coming Up!
I'm thrilled to announce that I have been selected to speak at the StarWest 2009 Quality Conference (SQE) October 5-9th 2009, hosted at the DisneyLand Hotel in Anaheim, CA! Link to the conference website is here ( http://www.sqe.com/starwest/Schedule...
Published 07-02-2009 8:45 PM by RafalLos
Filed under: quality, web application security, QA

Raising the Bar? Flash Encryption, Obfuscation
On the heels of my OWASP talk regarding decompiling and analyzing Flash [ see SWFScan link ] files lots of you have asked "So what about Flash file encryption or obfuscation? Does that make my code any more secure?" I've done the research...
Published 04-20-2009 5:37 PM by RafalLos
Filed under: web application security, Web 2.0, Adobe flash

Enterprise Web Application Security: Part 1 - The Foundation
The term "Enterprise Web Application Security Program" has been evolving. Generally referring to a corporate IT program which includes web application code in some way and has traditionally meant either a white-box approach or a black-box...
Published 02-20-2009 3:10 PM by RafalLos
Filed under: web application security, enterprise web application security program

President Obama's Web 2.0 Campaign Hijacked
Congratulations Mr. President, your Web 2.0 campaign to be the "hip" president has just been hijacked. In an interesting news article published originally on CyberInsecure.com, someone has decided to use the President's popularity to hijack...
Published 01-28-2009 9:00 PM by RafalLos
Filed under: web application security, Web 2.0, president hacked

2009 - One Bold Prediction
Well, it's official, we're all another year older now. Welcome to 2009, and what I can only hope will be a great year in information security. I'm sure you've all read your share of scary predictions for 2009, from vendors, journalists...
Published 01-10-2009 8:36 AM by RafalLos
Filed under: web application security, 2009 prediction

Thank you ViViT - Madison, WI!
Had a great time presenting, and talking with you all after. I know I painted a gloomy picture, but remember - you can succeed by taking that first step. Here's some key points: Don't let anyone tell you that it's all or nothing ... Risk-management...
Published 12-04-2008 5:42 PM by RafalLos
Filed under: web application security, ViViT

A Perspective on "Dumbing Down" the Security Profession
Let me start off by reminding you that the main mission of this blog is to provide insight and perspective (from more than just the security angle) on web application security and risk management. Keep that in mind as you read on... I read an article...
Published 12-02-2008 4:41 AM by RafalLos
Filed under: web application security, security automation, security tools

CSI Annual Conference - Highlights on Web App Security
Listening to the speakers (yes, this time around I was a spectator only... sort of) and the audience from these past 2 days, and specifically at the Web 2.0 Security Summit here at CSI Annual 2008 ... I've come up with a few things that I think you...
Published 11-19-2008 4:00 AM by RafalLos
Filed under: web application security, Computer Security Institute, CSI Conference

PCI Compliance Madness - See! I'm not insane!
Rich Mogull over at Securosis totally nailed it. This article he put up talking about the Web Application Firewall (although it's still a mis-named product, see my rant here) vs. secure coding is brilliant. I've been saying this since I can remember...
Published 10-25-2008 5:41 AM by RafalLos
Filed under: PCI DSS, compliance, web application security, Web application firewall

Web Application Security 101: Simple SQL Injection
Web application security is a hot topic, no doubting that these days. The awareness is growing and developers are starting to take notice of the security shortfalls in their code. Awareness of attacks like SQL injection, cross-site scripting, and CSRF...
Published 10-04-2008 5:08 AM by RafalLos
Filed under: hacking, web application security, input validation, sql injection, web application hacking, data sanitization, user-agent

Security Program vs. Shrinking Budget - Part 1
Greetings readers, it's been a while since I wrote up an article - but I've been busy I assure you. I've been gathering up information for the series you're about to read over the coming weeks. As I travel and speak to large enterprises...
Published 07-13-2008 6:25 AM by RafalLos
Filed under: web application security, security budget, security program

Misunderstanding the Purpose of Automated Tools
Let's get this out in the open - there is a misunderstood purpose of automated tools in web application security. Based on my personal experiences in front of both management and engineering teams in the last few months, I feel this needs to be addressed...
Published 06-11-2008 2:29 AM by RafalLos
Filed under: process, holistic security, web application security, automated tools, automated testing