Web Admin Blog

Real Web Admins. Real World Experience.

Entries Tagged ‘Security’

Get Rich or Die Trying – OWASP AppSec NYC 2008

Unfortunately, the conference provided lunch today, but did not provide us time to eat it, so I had to eat while listening to this talk.  It was by Trey Ford and Jeremiah Grossman from WhiteHat Security and I’m pretty sure they’ve done it before.  You may even be able to download a copy of the […]

Day 1 Keynote – OWASP AppSec NYC 2008

I’m currently at the OWASP AppSec 2008 Conference in New York City and am listening to the keynote presentation shared by the board of OWASP.  Starting off is Jeff Williams, Chair of OWASP.  He talked about OWASP’s mission, what we’re currently working on, and offered the following suggestions on how to take OWASP into the […]

Consider Your Hotel Network Hostile

As I’m preparing to take my trip to New York for the OWASP AppSec Conference, I came across a timely article on the risks involved with using a hotel network.  The Center for Hospitality Research at Cornell University surveyed 147 hotels and then conducted on-site vulnerability testing at 50 of those hotels.  Approximately 20% of […]

An Evaluation of Rapid7 NeXpose

I’ve been focusing a lot of my time lately on our PCI initiatives.  One sub-topic that I’ve spent a particularly large amount of time on has been Requirement 11.2, which says that you need to have internal and external network vulnerability scans performed by a scan vendor qualified by PCI.  We already employ one such […]

Small and Medium-Sized Companies Too Small to Get Hacked

McAfee released the results of a survey last week after sampling 500 IT decision-makers from companies with 1,000 to 2,000 employees.  The results are pretty astounding.  Forty-four percent think that cybercrime is only an issue for larger organizations and believe it does not affect them.  Fifty-two percent believe that because they are not well known, […]

Google Ratproxy

If you are responsible for developing or maintaining a website and haven’t checked out Ratproxy yet, you’re missing out. Before I start spouting off about just how cool and useful this tool is, I suppose I should first tell you what a proxy is. In a nutshell, a proxy is an application that runs local […]