Yearly Archives: 2019

Post: Musings on Patch Management

This article has been updated with new information for 2019. Denim Group is best known in the marketplace as an application security solution provider. With our ThreadFix vulnerability resolution platform we know a thing or two about identifying, mitigating, and remediating vulnerable applications. We are less well known for network security and strategic services, although […]

Post: Embedding Security Practices into Digitization Drives

An increasingly competitive environment is forcing companies to innovate faster in order to provide more value to customers and other stakeholders and bring products and services to the market more quickly. They are called to do this by taking advantage of the opportunities afforded by a host of new digital technologies as part of their […]

Post: Getting Started with ZAP and the OWASP Top 10: Common Questions

This article has been updated with new information for 2019. I recently received an email from a developer who was gearing up to use OWASP ZAP to test the security of their code. The developer had some questions about OWASP ZAP, testing for the OWASP Top 10 2013, and ZAP configuration. After I answered the […]

Post: MIME Sniffing in Browsers and the Security Implications

Introduction. Whenever a website is opened in a browser, many tasks are silently performed in the background. One of those tasks is fetching resources such as images, stylesheets and JavaScript from different domains on the internet and then parsing those resources. For example, a browser fetches an image from a remote server […]

Post: How to Get Started Securing IoT Devices

Modern Internet of Things (IoT) devices are connected to operate with other devices, web portals and one another in order to share real-time data. For teams building new IoT devices, or looking to integrate them into their organization, this business decision represents an increase in the overall attack surface, and therefore presents new challenges for the […]

Post: Seeking Feedback: Validating Vendor Claims Involving AI in Security Products

RSA Peer-to-Peer (P2P) sessions are some of the hidden gems that too many RSA attendees overlook in the organized chaos that is the world’s largest annual security conference. I’ve had the opportunity to facilitate several P2P sessions at recent RSA conferences including last year’s session titled “Practical Applications of AI in Security: Success Stories from the […]