Vulnerability Assessments

Post: Getting Started with IoT Security with Threat Modeling

Overview The Internet of Things (IoT) is an exciting and emerging area of technology allowing individuals and businesses to make radical changes to how they live their lives and conduct commerce. Millions of Internet-connected devices are being deployed to help individual users and enterprises make their lives easier and accomplish tasks quicker and easier than […]

Post: Black Friday Security Checklist for Retail Companies

If you’re lucky enough to work at a retail company, the next several weeks of holiday shopping may be the difference between a financially successful or unsuccessful year. As buyers, we’re all too familiar with the holiday shopping season, regardless of whether we either choose to buy our gifts from Amazon and other online retailers, […]

Post: What’s in a Name? – Why Gartner Picking “Application Vulnerability Correlation” is an Important Step for the Application Security Market

If you haven’t seen it yet, Gartner just published its “Hype Cycle for Application Security, 2016” written by Gartner Analyst Ayal Tirosh with support from colleague Lawrence Pingree (Gartner clients can view it at https://www.gartner.com/doc/3376617/hype-cycle-application-security-). This is potentially a deeply important step for the application security market because it provides clarity around a set of […]

Post: 2016 Post Gartner Recap

                     Now that the dust has settled on the annual 2016 Gartner Security and Privacy Symposium, we can look back through a clean lens and identify themes that bubbled to the surface of the different sessions. Although a critical mass of security leaders were in attendance, […]

Post: Making the Case for Secure, Defect-Tested Software Development

Originally published on DevOps.com Creating a software security initiative in any organization is no easy feat. Often times, organizational culture or politics can provide development managers with a strong counterargument for implementing software security concepts. Unfortunately, building software without a consideration for security has become a less viable option given the increase in compliance pressures […]

Post: Getting Started with ZAP and the OWASP Top 10: Common Questions

I recently received an email from a developer who was gearing up to use OWASP ZAP to test the security of their code. The developer had some questions about OWASP ZAP, testing for the OWASP Top 10 2013, and ZAP configuration. After I answered the email, I asked if I could repost it here because […]