Tag Archives: OWASP

Application Security – Where It’s At

– Some time ago, I was planning to write about my participation last year in a conference and a workshop on application security and software assurance respectively. One was the annual OWASP (Open Web Application Security Project) Conference in New York and the other was a workshop on the business…

Defending the Defenders

– Each week that goes by seems to bring with it the destruction of yet another icon upon which we build our faith and trust in our environments. In mid-February, the information security community was abuzz with the breaches of the Web sites of premier security firms F-Secure, Kaspersky and…

In Praise of the Information Security Checklist

– This is much anger and venom spit when the subject of the information security checklist is brought up. At one point in my career I looked at the checklist in disdain figuring that only people who do not understand the true depths of a subject relied on checklists as a crutch in place of…

The OCC and Application Security: Vindication at Last

– On May 8, 2008, the OCC (Office of the Comptroller of the Currency, part of the U.S. Department of the Treasury) issued Bulletin 2008-16, which you can find here. As the OCC states, there have been prior mentions of application security by the FFIEC (of which OCC is a member), NIST and others.…