This post is a follow-up to the previous one on QA: Defect vs. Vulnerability. All the highly-intelligent responses I received got me thinking further, and so here I present my additional thoughts. This may not be revolutionary - but given the response I received regarding the terminology difference between...
"Police: School data hacked, grades altered" http://www.republicanherald.com/articles/2009/01/15/news/local_news/pr_republican.20090115.a.pg1.pr15hacker_s1.2230498_top4.txt Every once in a while, we get a great example of why web application security is vital no matter where in the world you...
It's Monday again, and it's absolutely brain-numbingly cold here in Chicago... but I wanted to get these thoughts down before they fell out of my brain to make room for new stuff. Last week I had the pleasure of meeting with a group of guys that are running the Information Security practice within...
Those of you in or around Madison, WI ... come see me talk about Application Security Governance on Thursday, December 4th. If you need more information, contact me directly and I will send you the event invitation. This should be a great event and a chance for a lot of informal conversation and panel...
Since February, I've been traveling and meeting with IT Security leaders, CISOs, Program Managers and other folks in charge of application security for their business and a few themes have recurred. I'm fascinated by the differing scenarios and situations that security leaders are placed in but...
As promised, I'm writing up the first segment of implementing a web application security program without having to spend (or add spend to) your own budget. The current economic conditions are stifling technology investments and security programs aren't much better off than they were this time...
[This post is a little lengthy, but necessarily so. Get a beverage, sit back, and learn something] I've recently spent some time in front of a group of development-oriented professionals and the talk I gave broke down at a certain point, and I felt like I needed to write this one up. What happened...
You're delivering the wrong message, to the wrong audience. Don't believe me? Let's look at the attendance of workshops and conferences - now look at the message that's being delivered. I'm speaking of course specifically on web application security here. A recent article on Jeremiah...