Communicating with Management about Web Security, Part 3 – Getting and Keeping Your Message Out There

We’ve all seen it. Apathy and disinterest are the name of the game with web security until a business deal is threatened, a data breach occurs, or an auditor reports something negative to the board and management is called on …

Communicating with Management about Web Security, Part 2 – Prioritization and Sending the Right Message

Have you ever noticed that many people aren’t motivated to do things until there’s a pressing need that’s often personal in nature? It’s the way the world works. In fact, the fear of loss and the desire for gain are …

Communicating with Management about Web Security, Part 1 – Knowing What You’re Up Against

Nothing in life is more important than the ability to communicate effectively. That’s what former U.S. President Gerald Ford once said, and I can’t stress enough how impactful that message can be on our web security efforts. Whether we’re trying …

The importance of Internal Web Security Assessments

What do things look like on the outside? That’s the main focus we have as human beings. But beauty is only skin deep. As with relationships and leaked NSA documents, we quickly discover that what’s on the inside is just …

Slowloris detection in AWVS

Why You Need To Pay Attention To The Slow HTTP Attack

Okay, I admit, I haven’t been stressing enough to people just how critical the Slow HTTP vulnerability really is. The Slow HTTP flaw is present on practically every Apache-based system I test and can facilitate denial of service (DoS) conditions …

The Role Of An Automated Web Vulnerability Scanner In A Holistic Web Security Audit

Easily two-thirds of the value of any given web vulnerability assessment comes from the use of automated web vulnerability scanners. At least that’s been my experience. I certainly don’t have the knowledge – or the time – to manually track …

Why Management Still Doesn’t Get Web Security

Having worked in IT for nearly two and a half decades, I’ve certainly seen my share of blame and abuse thrown the way of IT. Whether the network is down or the application is unavailable, people immediately assume that whatever …

Top 5 Information Security Trends in 2013

It’s always tricky to write about “top trends”, especially in information security, given that things are always in a state of flux. Yet still I can’t help but think about several key areas that you and I must keep our …

How Your Web Presence is Throwing You Out Of Compliance

Don’t you hate it when you’re chugging along, minding your own business, doing what you believe to be the right things in business, then whammo, an oversight catches you off guard? Take, for instance, a compliance violation that comes up …

The Disconnect between IT Audit and Software Developers

IT auditors, whether they’re in-house or external, are forming stronger relationships with IT and security staff. They have to in order to effectively perform their audits. It’s good for the auditor, IT staff, and the business as a whole. When …