Following the White Rabbit Blog
Automated Security Testing - Can't I Just Point-n-Click? (Part 3)
So now that you've got the background from my other 2 posts in this series, you know the options and you have some background. Let's talk about the limitations of technology and why your brain is still required to do your job. Many folks continue...
Published 10-16-2009 9:49 PM by RafalLos
Filed under: security automation
Automated Security Testing - Can't I Just Point-n-Click? (Part 2)
In the previous post I tackled the question of automation, full automation, in web application security testing. We discussed the problem in great detail and underlined some of the issues that we will need to address and understand. In this post, I'm...
Published 10-16-2009 5:06 PM by RafalLos
Automated Security Testing - Can't I Just Point-n-Click? (Part 1)
I've been witness to an interesting phenomenon. Several otherwise rational folks - customers, prospective customers, and pundits alike - have posed the question to me now over the last several months. I've been thinking a lot about the topic and...
Published 10-16-2009 4:14 PM by RafalLos
Filed under: automated testing, web application security awareness, automation
Is Anybody Listening?
Greetings, I am finally back home after an exhausting trip which had me speaking at 2 conferences back-to-back in separate countries and on opposite coasts! I did learn some valuable lessons from speaking at these two wildly different conferences...
Published 10-15-2009 4:22 PM by RafalLos
Filed under: security, conferences, software quality
SecTor - Meet n' Greet
Hey everyone... I thought I'd consolidate all the thoughts around the SecTor Tweet-Up that have been floating around Twitter (via SecurityTwits and myself) into a single blog post... so here it is... When: Tuesday, October 6th at 10:00pm local time...
Published 09-29-2009 10:54 PM by RafalLos
Filed under: speaking
The Dangers of a Disaster-Driven Security Program
Reality check... at least 30% of the customers I have worked with this year use a "disaster-driven" security program. Yes, it means exactly what you think. Nothing gets done, nothing gets approved until there is definitive proof that the $company...
Published 09-17-2009 3:27 PM by RafalLos
Filed under: incident, security program
What are you delivering?
Caution: This post may make you uncomfortable. What business value are you delivering to your business? ... still trying to answer the question? If you can't immediately answer the question of "What business value is your web application...
Published 08-26-2009 4:01 AM by RafalLos
Filed under: business value
SaaS: The Definitive Cliff Notes on Web Security Delivered
Grab a cup of coffee, make some room on your calendar and read on. ... This whole thing started earlier when, while reading through the mass of posts on every mailing list I belong to, I came across a question about SaaS services on the WebAppSec "Web...
Published 07-22-2009 12:53 AM by RafalLos
Filed under: SaaS
StarWest - Where QA and Security Will Collide
Is site security QA's problem too?! Hi everyone, I can't wait for fall and the StarWest testing conference in Anaheim! I'm so psyched to be presenting "QA Techniques for Identifying Workflow-Based Security Defects" in what will...
Published 07-06-2009 6:15 PM by RafalLos
Filed under: quality, security defects, workflow vulnerability, StarWest
Blog Comments
OK, I give up boys and girls... the spammers have me out-gunned. When I sift through 1,000+ pieces of SPAM comments/day it's time to call it quits. Admitting defeat isn't pleasant but that only means that I'll be turning OFF the ability for...
Published 07-06-2009 6:09 PM by RafalLos
Quality Engineers & Testers - StarWest is Coming Up!
I'm thrilled to announce that I have been selected to speak at the StarWest 2009 Quality Conference (SQE) October 5-9th 2009, hosted at the Disneyland Hotel in Anaheim, CA! Link to the conference website is here ( http://www.sqe.com/starwest/Schedule...
Published 07-02-2009 8:45 PM by RafalLos
Filed under: quality, web application security, QA
Blog Comment SPAM...
Hi everyone - I apologize in advance if you write a nicely thought-out comment to one of my posts and it gets "lost in moderation"... I have recently started getting north of ~250 SPAM comments every 12 hours or so (as quickly as I clean them...
Published 06-26-2009 4:21 AM by RafalLos
Blog Comments...
Hi everyone - I apologize in advance if you write a nicely thought-out comment to one of my posts and it gets "lost in moderation"... I have recently started getting north of ~250 pieces of SPAM comments every 12 hours or so (as quickly as I...
Published 06-26-2009 4:18 AM by RafalLos
The Problem of "Too Many Problems"
Hey everyone... now that I'm back to regularly posting I thought I'd address the issue I've faced with the last few customers we've had the pleasure of visiting. Speaking from experience, you never want to introduce a tool or process...
Published 06-24-2009 9:45 PM by RafalLos
Filed under: web application security program, security vulnerabilities
Enterprise Web Application Security: Part 2 - The Policy
In the first part of this series, titled "Enterprise Web Application Security: Part 1 - The Foundation", I left you with 6 foundational things you should consider before galloping head-long into building a web application security program. Going...
Published 06-23-2009 7:30 AM by RafalLos