Tag Archives: OWASP
Was Citi Sleeping? Could Functional Security Testing Have Saved the Day?
January 10, 2011 – 6:00 am
Do you remember reading over the summer about Citigroup having a security hole in an iPhone app, which stored all manner of nonpublic personal information in a file? … and that the data could then be transferred to a PC? In the Technology section of the July 27, 2010 The Wall Street Journal,…
Application Security – Where It’s At
November 10, 2009 – 6:00 am
Some time ago, I was planning to write about my participation last year in a conference and a workshop on application security and software assurance, respectively. One was the annual OWASP (Open Web Application Security Project) Conference in New York and the other was a workshop on the business…
Defending the Defenders
April 20, 2009 – 6:00 am
Each week that goes by seems to bring with it the destruction of yet another icon upon which we build our faith and trust in our environments. In mid-February, the information security community was abuzz with the breaches of the Web sites of premier security firms F-Secure, Kaspersky and…
In Praise of the Information Security Checklist
June 26, 2008 – 6:00 am
There is much anger and venom spit when the subject of the information security checklist is brought up. At one point in my career I looked at the checklist in disdain, figuring that only people who do not understand the true depths of a subject relied on checklists as a crutch in place of…

The OCC and Application Security: Vindication at Last