Yearly Archives: 2011

Remediation On Rails: Executing Your Software Security Remediation Project

[See last Thursday’s post “’FIX IT!’ Ain’t Gonna Cut It” for more information on kicking off a software security remediation project and Friday’s post “Don’t Bring an HTML Encoder to a SQL Injection Fight” for more information on planning a remediation project.] The good news is that if you got your stakeholders aligned in an […]

Don’t Bring an HTML Encoder to a SQL Injection Fight: Planning Your Remediation Project

[See yesterday’s post “’FIX IT!’ Ain’t Gonna Cut It” for more information on kicking off a software security remediation project.] Normally information security creative writing is reserved for marketing brochures talking about Advanced Persistent Threats, but I thought I would share a little something I’ve been working on. This is an excerpt from an infosec […]

“FIX IT!” Ain’t Gonna Cut It: Kicking Off a Software Security Remediation Project

Imagine this scenario: Your development team builds an application and puts it into production. Down the road, a customer asks you to do a security assessment. You run a scanner against the application and perhaps even do some manual penetration testing. The result is you end up with a long list of vulnerabilities and the […]

Webinar: The Self-Healing Cloud

Tomorrow I’ll be giving a free webinar called “The Self-Healing Cloud.” I’ll be discussing automated virtual patching and how it can be successfully employed. You can sign up for the webinar below. If you’re interested in the topic but can’t attend the webinar, sign up to receive information after the webinar. Thursday, November 17, […]

New Application Security Webinar Series

We’ve got some great webinars coming up, starting next week. John Dickson will be explaining how to rank inherited applications according to the amount of risk they present to an organization, and how you can begin to assess those risks, in “Securing Inherited Applications,” which will be given in two parts. I’ll be talking about automated […]

LASCON 2011 Recap: Virtual Patching and Real-World OpenSAMM

LASCON 2011 was last Friday and I have to say I had a great time. The speaker list was fantastic, the hallway conversations were thought-provoking and, as always, the speed debates were not-to-be-missed (and not-to-be-recorded to protect the participants). This bodes well for OWASP AppSecUS being held in Austin in 2012. I talked about some […]