You know the saying about riding a bicycle – do it once and you’ll remember it forever? That may be true for bicycles, but it’s certainly not the case when it comes to web security testing. The tools we use and the flaws we’re attempting to find evolve over time. Your web scanner experience plays […]
Successful web security testing is not as simple as point and click. Unfortunately, many people treat it as such. The thought process goes something like this: 1. Load web vulnerability scanner. 2. Enter URL to scan. 3. Click Go. 4. Generate report for the auditors. 5. Be done with it until next month. Don’t get […]
You’ve heard me say that planning is half the battle with Web security assessments. I’m finding that more and more people are on board with thinking things through in advance but there’s still one area that’s not getting the attention it deserves. It’s deciding on which environment to test: development, staging or production.
I recently participated in a webinar aimed at helping physical security professionals, corporate security managers and others responsible for both physical and logical security. This is an area of security that doesn’t get near the attention it deserves – especially when it comes to the Web security component.
If you’ve heard it once you’ve probably heard it a thousand times: time to market is critical. Indeed, when it comes to software development, many business executives, marketers, product managers and sales weasels live and breathe by this mantra. Just get it out the door and we’ll fix the stuff that needs fixing later. We’ve […]
I’ve heard experts in time management say that one minute of planning can save you five minutes in execution. This applies to so many things we do in IT and information security but I can’t think of anything more important than security testing. Applying the 80/20 rule to this scenario, the first 20 percent of […]