Error! That’s something we don’t have much room for in application security. Yet we leave so much to chance. The only reasonable way to find the flaws that matter – and to keep up – is to use automated tools and processes wherever possible. Numerous information security studies show that application security is seriously lagging […]
I recently read about a marketing agency that experienced a security breach and subsequent defacement of its customers’ websites. Apparently their developers had misconfigured the web server and unknowingly gave the whole world access to change any and all content at will. What interested me the most was the fact that out of the hundreds […]
Looking at the bigger picture of application security it seems that no one else really hears us. Sure, product managers, marketing, legal, HR and even certain people in management say they understand what’s at stake. But are they really on board? Business leaders have learned that they must teach, train and develop their employees. Otherwise, […]
One of the most common questions I get is “What’s your take on cloud security?” Well, my answer is relatively straightforward: never assume that all’s well just because someone says it is. In other words trust but verify.
The 2011 Verizon Data Breach Investigations Report is out. Yeah, yeah, yeah – yet another report telling us what a bad state of security we’re in and that we need to fix all sorts of things in IT. Okay, I’m not going to complain too much because it does help generate business and keep us […]
Regulatory ‘compliance’ – it’s a dirty word in business today. Perhaps that’s because we’re being force-fed more and more rules that various governing bodies believe are the best ways for us to run our businesses. Regardless of what side of the government growth – and IT governance – equation you’re on, IT compliance is here […]
Don’t get caught off guard. We hear that statement all the time with regards to information security. Sadly, as many businesses have experienced, such talk is cheap. Obviously no one wants their Web site to get hacked. Okay, maybe a few admins or developers who are dying to find a way to get the funding […]
Do you ever find yourself driving down the road in an unfamiliar place and you get that gut feeling that you’re headed in the wrong direction? Well, I feel that’s exactly where we are with application security – heading in the wrong direction. First off, with application security, most things are reactive: “Let’s just get […]