Information Security

Post: Even in the Midst of COVID-19, Russia is Undeterred, and this Shouldn’t be a Surprise

Background: As we struggle for a sense of normalcy during this pandemic, we can draw comfort from certain constants in life. One of those constants is Russian nation state hacking. A recent public report from the United Kingdom’s National Cyber Security Centre (NCSC) and Canada’s Communications Security Establishment (CSE) documented a pattern of activities from […]

Post: Cleartext vs. Plaintext vs. Ciphertext vs. Plaintext vs. Clear Text

This blog has been updated with new information for 2020. This came up a few times during the last round of security reports we at Denim have been writing, so I wanted to ensure everyone understood the distinction. Granted, it is a subtle distinction, but it does exist even though it sounds like a Dr. Seuss […]

Post: A Guide to ASP.NET’s Page Life Cycle and the ViewState

This blog has been updated with new information for 2020. ASP.NET provides you with several life-cycle events for you to handle and insert all the functionality of your web application.  This article will explore the operations that all web-pages need to do, and map them to the ASP.NET lifecycle events.  Then we will look at […]

Post: What’s in a Name? – Why Gartner Picking “Application Vulnerability Correlation” is an Important Step for the Application Security Market

This blog has been updated with new information for 2020. If you haven’t seen it yet, Gartner just published its “Hype Cycle for Application Security, 2016” written by Gartner Analyst Ayal Tirosh with support from colleague Lawrence Pingree (Gartner clients can view it at https://www.gartner.com/doc/3376617/hype-cycle-application-security-). This is potentially a deeply important step for the application […]

Post: Musings on Patch Management

This article has been updated with new information for 2019. Denim Group is best known in the marketplace as an application security solution provider. With our ThreadFix vulnerability resolution platform we know a thing or two about identifying, mitigating, and remediating vulnerable applications. We are less well known for network security and strategic services, although […]

Post: Getting Started with ZAP and the OWASP Top 10: Common Questions

This article has been updated with new information for 2019. I recently received an email from a developer who was gearing up to use OWASP ZAP to test the security of their code. The developer had some questions about OWASP ZAP, testing for the OWASP Top 10 2013, and ZAP configuration. After I answered the […]