Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: OWASP

Where Are the AppSec Candidates?

– I recently gave a presentation at the 2013 IEEE LISAT (Long Island Science, Applications and Technology) Conference on “Mitigating the Risks of Cyber-Security Systems.” First, I pointed out the important differences in definitions of cyber-security systems … some (such as the National…

Was Citi Sleeping? Could Functional Security Testing Have Saved the Day?

– Do you remember reading over the summer about Citigroup having a security hole in an iPhone app, which stored all manner of nonpublic personal information in a file? … and that the data could then be transferred to a PC? In the Technology section of the July 27, 2010 The Wall Street Journal,…

Application Security – Where It’s At

– Some time ago, I was planning to write about my participation last year in a conference and a workshop on application security and software assurance respectively. One was the annual OWASP (Open Web Application Security Project) Conference in New York and the other was a workshop on the business…

Defending the Defenders

– Each week that goes by seems to bring with it the destruction of yet another icon upon which we build our faith and trust in our environments. In mid-February, the information security community was abuzz with the breaches of the Web sites of premier security firms F-Secure, Kaspersky and…

In Praise of the Information Security Checklist

– There is much anger and venom spit when the subject of the information security checklist is brought up. At one point in my career I looked at the checklist in disdain, figuring that only people who do not understand the true depths of a subject relied on checklists as a crutch in place of…