Security Programs

Post: Cleartext vs. Plaintext vs. Ciphertext vs. Plaintext vs. Clear Text

This blog has been updated with new information for 2020. This came up a few times during the last round of security reports we at Denim have been writing, so I wanted to ensure everyone understood the distinction. Granted, it is a subtle distinction, but it does exist even though it sounds like a Dr. Seuss […]

Post: What’s in a Name? – Why Gartner Picking “Application Vulnerability Correlation” is an Important Step for the Application Security Market

This blog has been updated with new information for 2020. If you haven’t seen it yet, Gartner just published its “Hype Cycle for Application Security, 2016” written by Gartner Analyst Ayal Tirosh with support from colleague Lawrence Pingree (Gartner clients can view it at https://www.gartner.com/doc/3376617/hype-cycle-application-security-). This is potentially a deeply important step for the application […]

Post: 2020: The Changing Role of Application Security and Quality Assurance Teams

I recently had the opportunity to talk with Robert Lemos for his article “Application Security and Your Career: 5 Key Areas to Focus On” about the new skills required for application security and quality assurance teams. He included a couple of my comments in the article, and this blog post expands on those themes based on what […]

Post: Getting Started with ZAP and the OWASP Top 10: Common Questions

This article has been updated with new information for 2019. I recently received an email from a developer who was gearing up to use OWASP ZAP to test the security of their code. The developer had some questions about OWASP ZAP, testing for the OWASP Top 10 2013, and ZAP configuration. After I answered the […]

Post: Putting Millions to Work for the Mid-Terms – How States Are Using Federal Dollars to Secure the 2018 Elections

Secretaries of State across the US got a pleasant surprise earlier in the year when the Federal government included $380 million in its omnibus spending bill that was approved by Congress and signed into law by the President in March. Funded by the Help America Vote Act, the money has been provided to the […]

Post: Getting Started with IoT Security with Threat Modeling

Overview: The Internet of Things (IoT) is an exciting and emerging area of technology allowing individuals and businesses to make radical changes to how they live their lives and conduct commerce. Millions of Internet-connected devices are being deployed to help individual users and enterprises make their lives easier and accomplish tasks quicker and easier than […]