Web Application Security

Post: Getting Started with ZAP and the OWASP Top 10: Common Questions

This article has been updated with new information for 2019. I recently received an email from a developer who was gearing up to use OWASP ZAP to test the security of their code. The developer had some questions about OWASP ZAP, testing for the OWASP Top 10 2013, and ZAP configuration. After I answered the […]

Post: Application Security in 2018: Questions Rather than Answers

If you’re like me, you just survived the onslaught of “what we saw in 2017” lists, only to be inundated shortly thereafter by “what we will see in 2018” predictions in security. As a vendor in the application security space, we’re in the thick of things. We have our ears to the ground, […]

Post: 2016 Post Gartner Recap

Now that the dust has settled on the annual 2016 Gartner Security and Privacy Symposium, we can look back through a clean lens and identify themes that bubbled to the surface of the different sessions. Although a critical mass of security leaders were in attendance, […]

Post: Cybersecurity: It’s All About the Coders (Thoughts on My TEDx Talk)

I recently gave a presentation at the TEDx San Antonio conference on March 5th, 2016, held at Rackspace Global Headquarters. This was a tremendous experience and I got to meet and share ideas with a bunch of great folks. Here’s a video of the talk: And here’s an interview I did with Jennifer Navarrete afterward […]

Post: Having Trouble Starting Your Application Security Program? Beat Up Your Vendors!

Starting an application security program can be very challenging. If you don’t know how to get started – or if you can’t seem to get any traction getting your organization to change its ways – consider changing your focus and instead beat up on your vendors. Why Is Application Security Hard? Creating an internal application […]

Post: Webinar: How iOS and Android Handle Security

Today I delivered a webinar on mobile application security and, specifically, on how the iOS and Android platforms handle security. Slides and audio are online here: How iOS and Android Handle Security Webinar from Denim Group The goal of the webinar was twofold: Educate developers on the security characteristics and capabilities of their chosen development […]