Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: OWASP

Was Citi Sleeping? Could Functional Security Testing Have Saved the Day?

– Do you remember reading over the summer about Citigroup having a security hole in an iPhone app, which stored all manner of nonpublic personal information in a file? … and that the data could then be transferred to a PC? In the Technology section of the July 27, 2010 The Wall Street Journal,…

Application Security – Where It’s At

– Some time ago, I was planning to write about my participation last year in a conference and a workshop on application security and software assurance respectively. One was the annual OWASP (Open Web Application Security Project) Conference in New York and the other was a workshop on the business…

Defending the Defenders

– Each week that goes by seems to bring with it the destruction of yet another icon upon which we build our faith and trust in our environments. In mid-February, the information security community was abuzz with the breaches of the Web sites of premier security firms F-Secure, Kaspersky and…

In Praise of the Information Security Checklist

– There is much anger and venom spit when the subject of the information security checklist is brought up. At one point in my career I looked at the checklist in disdain, figuring that only people who do not understand the true depths of a subject relied on checklists as a crutch in place of…

The OCC and Application Security: Vindication at Last

– On May 8, 2008, the OCC (Office of the Comptroller of the Currency, part of the U.S. Department of the Treasury) issued Bulletin 2008-16, which you can find here. As the OCC states, there have been prior mentions of application security by the FFIEC (of which OCC is a member), NIST and others.…