Application Security Tools

Post: HouSecCon Presentation – SecDevOps: Development Tools for Security Pros

HouSecCon 2015 has wrapped up and the team did a great job putting on a first-rate event. I had the opportunity to give a talk about the tools that development teams use with the goal of educating security professionals and giving them ideas of how to better work together with dev teams to get issues […]

Post: Industry Leaders Collect Public Benchmarking Data Sets to Improve Software Security

On Saturday, March 28, 2015 at the OWASP SAMM Summit in Dublin, a group of Application Security leaders announced a new project that they had been working on since the summer of 2014: the industry’s first public benchmarking data for improving software security. The leaders’ vision is to offer companies a comparative data set, allowing […]

Post: Mobile Application Assessments By The Numbers at AppSecEU

The slides from the OWASP AppSecEU presentation “Mobile Application Assessments By The Numbers: A Whole-Istic View” are online here: Application Security Assessments by the Numbers – A Whole-istic View – OWASP AppSec EU 2015, from Denim Group. The abstract for the talk was: By analyzing the data from over 60 mobile application security assessments, we […]

Post: Austin ISSA Slides: Structuring and Scaling an Application Security Program

The slides from my talk at Austin ISSA yesterday are online here: Structuring and Scaling an Application Security Program, from Denim Group. The title of the talk was: Structuring and Scaling an Application Security Program. And the abstract was: Most organizations understand that the software they develop and deploy exposes them to risk from attackers. […]

Post: Mobile Application Security – Don’t Cheat Yourself

I recently did a webinar on mobile application security where we looked at some statistics pulled from a subset of our mobile security assessments to look at a couple of important issues: Where do the most serious vulnerabilities exist in mobile applications (mobile code, enterprise web services, or 3rd party web services)? What types of […]

Post: Upcoming Webinar on Mobile Application Security Assessments

I’ll be doing a webinar on mobile application security assessments on Wednesday, October 22nd. We’ll be talking about how security issues can exist in code deployed on a mobile device, in corporate web services backing the device, in any third-party supporting services, as well as in the interactions between any of these components. The […]