Yearly Archives: 2009

Denim Group Quoted in eWeek about HTML5 Risks

Brian Prince from eWeek included some of my comments on HTML5 risks in his article “Will HTML 5 and IPv6 Find Their Way into Malware Attacks in 2010?” HTML5 is certainly exciting from a features and functionality standpoint – it offers a number of new capabilities for web application developers to create cool applications.  However […]

Happy Holidays from Denim Group

Happy holidays to everyone from Denim Group.  We’re looking forward to a great 2010 with our customers and employees. –Dan dan _at_ denimgroup.com @danielcornell Posted via email from Denim Group’s Posterous

Drone Video Intercepts: Military Case Study with a Universal Lesson

By Dan Cornell and Michael McBryde There has been a lot of hubbub over the past day and a half about insurgents intercepting video feeds from US unmanned drone aircraft.  Wired has covered this story pretty extensively: ·         Insurgents Intercept Drone Video in King-Size Security Breach ·         Not Just Drones: Militants Can Snoop on Most […]

Guaranteed NO False Positives: Static Analysis Edition

Since everyone seemed to be so excited about our new web application scanner technology that guarantees no false positives, I’m sure everyone will be equally excited about the new Static Analysis Edition.  This is just as simple to use as the dynamic scanning tool we released yesterday – just point the scanner to the directory […]

New Web Application Scanner Technology Guarantees NO False Positives

Recently I’ve been working with some other Denim Group folks to do our regular internal benchmarking of various application security scanners.  Last week we got into a deep discussion of false positives, how many scanners claim to reduce or eliminate them, and different techniques to make this happen.  During the talk we came across an […]

Coverage of Sentinel / Snort Integration from Michael Montecillo

Michael Montecillo from the analyst firm Enterprise Management Associates recently put up a blog post discussing the integration between WhiteHat Sentinel and Snort we built.  It was also covered by Dark Reading a while back. The integration takes the manually-reviewed vulnerability results from Sentinel and generates targeted Snort rules to identify attempts to exploit the […]