Vulnerability Assessments

Post: Getting Started with ZAP and the OWASP Top 10: Common Questions

This article has been updated with new information for 2019. I recently received an email from a developer who was gearing up to use OWASP ZAP to test the security of their code. The developer had some questions about OWASP ZAP, testing for the OWASP Top 10 2013, and ZAP configuration. After I answered the […]

Post: Getting Started with IoT Security with Threat Modeling

Overview The Internet of Things (IoT) is an exciting and emerging area of technology allowing individuals and businesses to make radical changes to how they live their lives and conduct commerce. Millions of Internet-connected devices are being deployed to help individual users and enterprises make their lives easier and accomplish tasks quicker and easier than […]

Post: Black Friday Security Checklist for Retail Companies

If you’re lucky enough to work at a retail company, the next several weeks of holiday shopping may be the difference between a financially successful or unsuccessful year. As buyers, we’re all too familiar with the holiday shopping season, regardless of whether we choose to buy our gifts from Amazon and other online retailers, […]

Post: 2016 Post Gartner Recap

Now that the dust has settled on the annual 2016 Gartner Security and Privacy Symposium, we can look back through a clean lens and identify themes that bubbled to the surface of the different sessions. Although a critical mass of security leaders were in attendance, […]

Post: Making the Case for Secure, Defect-Tested Software Development

Originally published on DevOps.com. Creating a software security initiative in any organization is no easy feat. Oftentimes, organizational culture or politics can provide development managers with a strong counterargument against implementing software security concepts. Unfortunately, building software without consideration for security has become a less viable option given the increase in compliance pressures […]

Post: Mobile Application Assessments By The Numbers at AppSecEU

The slides from the OWASP AppSecEU presentation “Mobile Application Assessments By The Numbers: A Whole-Istic View” are online here: Application Security Assessments by the Numbers – A Whole-istic View – OWASP AppSec EU 2015 from Denim Group The abstract for the talk was: By analyzing the data from over 60 mobile application security assessments, we […]