
Tag Archives: secure development

BSIMM – Top Ten Surprises

In a prior column, I described the results of a survey conducted by Gary McGraw, Sammy Migues and Brian Chess published in the BSIMM (Build Security In Maturity Model) report available at http://bsi-mm.com/. Most of the results are intuitively obvious … after the fact, that is. But some…

2008 – The Year of the SQL Injection Attack

For a long time now, SQL Injection has been regarded as a potentially devastating attack vector. Attackers used SQL Injection to steal 40 million credit card numbers from CardSystems in 2005. The rise in SQL Injection attacks has been rapid and has made this attack the one the hackers all want to…

PCI DSS v1.2: Will the New Standard Miss the Mark?

With the imminent release of version 1.2 of the PCI standard, I feel like the new version may miss the mark and not bring the improvements some people had hoped for. The PCI Council released a document detailing the changes that will be made to the standard and I feel several important security…