Recently, a project manager I work with asked me if I had manually validated a set of security flaws I uncovered during a web security assessment. The flaws in question were related to the server host and not the actual Web application. I actually had not manually validated every single finding in that regard. I […]
I recently participated in a webinar aimed at helping physical security professionals, corporate security managers and others responsible for both physical and logical security. This is an area of security that doesn’t get near the attention it deserves – especially when it comes to the Web security component.
As I wrote in my previous post about low-hanging fruit and the 2011 Verizon Data Breach Report, I’m a strong believer in finding out where your Web systems are bleeding and focusing on those issues first. It’s the basic principle of triage – finding, and fixing, the urgent issues on the important systems. The thing […]
If you’re reading this blog, Web security testing is undoubtedly on your radar. You may have an ongoing process for testing Web vulnerabilities but do you actually have a policy for it? I’m all about keep things simple with security and, when you think about it, adding more documentation, more rules, and more process often […]