Web Admin Blog

Real Web Admins. Real World Experience.

Author Archive

Web Application Security Roadmap – OWASP AppSec NYC 2008

For the first session of the day, I decided to check out the Web Application Security Roadmap presentation by Joe White, President of Cyberlocksmith Corporation.  Web application security is still very much in its infancy.  Traditional “operations” teams do not understand web application security risk and are ill-equipped to defend against web application threats.  Many […]

Day 1 Keynote – OWASP AppSec NYC 2008

I’m currently at the OWASP AppSec 2008 Conference in New York City and am listening to the keynote presentation shared by the board of OWASP.  Starting off is Jeff Williams, Chair of OWASP.  He talked about OWASP’s mission, what we’re currently working on, and offered the following suggestions on how to take OWASP into the […]

Consider Your Hotel Network Hostile

As I’m preparing to take my trip to New York for the OWASP AppSec Conference, I came across a timely article on the risks involved with using a hotel network.  The Center for Hospitality Research at Cornell University surveyed 147 hotels and then conducted on-site vulnerability testing at 50 of those hotels.  Approximately 20% of […]

Two Simple Ways to Read Restricted Website Content

Have you ever had a problem for which you used a search engine to try to find the solution?  Did that search bring you results from a site that then forced you to register in order to see the content?  This happened to me all of the time before I found two simple ways to display […]

An Evaluation of Rapid7 NeXpose

I’ve been focusing a lot of my time lately on our PCI initiatives.  One sub-topic that I’ve spent a particularly large amount of time on has been Requirement 11.2, which says that you need to have internal and external network vulnerability scans performed by a scan vendor qualified by PCI.  We already employ one such […]

Small and Medium-Sized Companies Too Small to Get Hacked

McAfee released the results of a survey last week after sampling 500 IT decision-makers from companies with 1,000 to 2,000 employees.  The results are pretty astounding.  Forty-four percent think that cybercrime is only an issue for larger organizations and believe it does not affect them.  Fifty-two percent believe that because they are not well known, […]

Google Ratproxy

If you are responsible for developing or maintaining a website and haven’t checked out Ratproxy yet, you’re missing out. Before I start spouting off about just how cool and useful this tool is, I suppose I should first tell you what a proxy is. In a nutshell, a proxy is an application that runs local […]

Top 10 Strategies to Secure Your Code

Since Michael Howard moved from Redmond to Austin, I’ve had the privilege to see him present several times now. This is the guy who literally wrote the book on writing secure code and the secure development lifecycle. He is a fantastic speaker and I’d highly recommend checking him out if you ever get the opportunity. […]

Next Generation Firewalls

I went to a Lunch n Learn last week sponsored by PaloAlto Networks and Fishnet Security talking about what PaloAlto calls the “next generation firewalls”. PaloAlto boasts having Nir Zuk, principal engineer at Check Point and one of the developers of stateful inspection technology, as its founder and CTO. Their product, the PA-4000 Series Firewall, […]

China Says It Lacks Skills To Hack US Systems

I was browsing Slashdot today and found an article on how a spokesman for China’s foreign ministry has said that China, being the “developing nation” that it is, lacks the sophistication to hack foreign systems.  This was in response to recent statements from a couple of US Congressmen regarding Chinese probes of congressional systems for information about communication between US […]