  • Automated Security Testing - Can't I Just Point-n-Click? (Part 3)

    So now that you've got the background from my other 2 posts in this series, you know the options and you have some background. Let's talk about the limitations of technology and why your brain is still required to do your job. Many folks continue to try and push the boundaries of technology, and while I applaud this effort greatly, I for one
  • Automated Security Testing - Can't I Just Point-n-Click? (Part 2)

    In the previous post - I tackled the question of automation, full automation, in web application security testing. We discussed the problem in great detail and underlined some of the issues that we will need to address and understand. In this post, I'm going to talk through the options and technological limitations that we face today and will continue
  • Automated Security Testing - Can't I Just Point-n-Click? (Part 1)

    I've been witness to an interesting phenomenon. Several otherwise rational folks - customers, prospective customers, and pundits alike - have posed the question to me now over the last several months. I've been thinking a lot about the topic and have some thoughts I think it's time I share. The question for discussion is this: " Shouldn't
  • Is Anybody Listening?

    Greetings, I am finally back home after an exhausting trip which had me speaking at 2 conferences back-to-back in separate countries and on opposite sides of the coast! I did learn some valuable lessons from speaking at these two wildly different conferences though, so I thought I would share them with you here for your benefit too. First off, the Information
  • SecTor - Meet n' Greet

    Hey everyone ... I thought I'd consolidate all the thoughts around the SecTor Tweet-Up that have been floating around Twitter (via SecurityTwits and myself) into a single blog post... so here it is... When : Tuesday, October 6th at 10:00pm local time Where : The Loose Moose (Google it) - 146 Front Street West, Toronto, ON M5J 1G2, Canada
  • The Dangers of a Disaster-Driven Security Program

    Reality check... at least 30% of the customers I have worked with this year use a "disaster-driven" security program. Yes, it means exactly what you think. Nothing gets done, nothing gets approved until there is definitive proof that the $company has been hacked, stolen from, or otherwise compromised. While we as security professionals often
  • What are you delivering?

    Caution: This post may make you uncomfortable What business value are you delivering to your business? . . . ... still trying to answer the question? If you can't immediately answer the question of "What business value is your web application security program providing to the business?" then you're in for some serious trouble. The
  • SaaS: The Definitive Cliff Notes on Web Security Delivered

    Grab a cup of coffee, make some room on your calendar and read on. ... This whole thing started earlier when, while reading through the mass of posts on every mailing list I belong to, I came across a question about SaaS services on the WebAppSec "Web Security" mailing list . This got me thinking and after someone responded I decided to chime
  • StarWest - Where QA and Security Will Collide

    Is site security QA's problem too?! Hi everyone, I can't wait for fall and the StarWest testing conference in Anaheim! I'm so psyched to be presenting " QA Techniques for Identifying Workflow-Based Security Defects " in what will hopefully be one of the better talks of the week. I've been promising many of you an explanation
  • Blog Comments

    OK, I give up boys and girls... the spammers have me out-gunned. When I sift through 1,000+ pieces of SPAM comments/day it's time to call it quits. Admitting defeat isn't pleasant but that only means that I'll be turning OFF the ability for you anonymous folks to comment. I will continue to moderate and allow everyone to comment, but only