Veteran’s Personal Information Stolen

Saw this article online earlier.  Apparently a Veterans Administration employee had been taking veterans’ personal information home and their house was burglarized.  Nice work.

This is very timely for me because I had a chance to see Ira Winkler speak at the Texas Regional Infrastructure Conference (TRISC) last week and picked up a copy of his latest book:

Managed to chew through most of this over the weekend and it is a great read.  The focus of what we do at Denim Group is largely on threats to organizations via web applications, so a book like this and incidents like the most recent one with the VA help to put what we do into perspective.  You can (and should!) defend against SQL injection vulnerabilities and other web application threats, but if your policies and procedures are such that employees are walking out the front door with sensitive information you are always going to be open to attack.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Leave a Reply

Your email address will not be published. Required fields are marked *