An Open Letter to Barack Obama: If You aren’t Sure of Health Exchange Security, Shut it Down Now
Stability in Only the First Issue – Security Will Be Healthcare.gov’s Real Achilles Heel There has been a significant amount of attention to the the […]
Web App Sec
Eight Reasons Why SQL Injection Vulnerabilities Still Exist: A Developer’s Perspective
Knowing how to prevent a SQL injection vulnerability is only half the web application security battle. A multitude of factors come into play when it […]
OWASP Top 10 List Maturing – Evidenced by Minor Changes
The OWASP Top 10 list is well known as the industry standard for what matters in web security. The list, which ranks the most critical risks organizations face through their web applications, was recently updated. The 2013 Top 10 Listfeatures some incremental but noteworthy changes that point to the project’s maturity.
An Information Security Place Podcast – Episode 04 for 2012
Hmmm Lets see if I even remember how to enter this stuff anymore… Yeap you guessed it, we finally recorded another episode – WOOT! Show […]
Podcast: Play in new window | Download (Duration: 51:43 — 72.7MB)
Subscribe: Apple Podcasts | RSS
Tales from the web scanning front: Don’t eat the entire buffet at once
One of the more common problems that we see is customers trying to bite off more of their application infrastructure at once than they can […]
Surviving the Week – 02/17/2012
The NTO team keeps growing and the demands of running the business and supporting our customers is keeping me busy… and its a blast. But […]
Tales from the Web Scanning Front: Why is This Scan Taking So Long?
As CEO, I’m constantly emphasizing the importance of customer support and trying to attend several support calls each week to stay on top of our […]
Surviving the Week – 12/09/2011
Sorry I missed last week, this one will cover the last two weeks. NT OBJECTives Releases SQL Invader – NTO SQL Invader finally makes it easy […]
Surviving the Week – 11/18/2011
This week was a busy one for me, as I’m finally done traveling for awhile and and got back to working on NTOSpider6 and our […]
Twitter shortened links – Security bad practice?
As as spend more time using twitter, I understand the need for shortened URL’s and make heavy use of them. But, when I am viewing […]
Response to WAF/IDS/IPS Effectiveness Report
For those of you who know me as well as Dan, you know that we have spoken quite often on our podcast (Information Security Place […]
Is your WAF effective? Independent research study
WAF & IPS Effectiveness Report, by Larry Suto There has been a lot of discussion, articles and analyst reports about WAF’s over the years (some […]
Surviving the Week – 11/11/2011
Web application security news from the last couple weeks. [I guess I didn’t figure out how to keep going with this weekly post when Im […]
HouSecCon 2011 and B-Sides ATL Review
Last week was a travel week. On Wednesday I was in Austin for some meetings, then headed to Houston for the second annual HouSecCon on […]
Surviving the Week – 09/30/2011
The hacks are continuing to take place on more and more critical sites. Mysql.com hacked, serving malware – These type of hacks against critical open […]
Surviving the Week – 09/23/2011
Sorry for the missing posts the last couple of weeks, I need to figure out how to manage these weekly posts during travel periods. So […]
Surviving the Week – 09/02/2011
Welcome to “Surviving the Week”! Each week I will be collecting the top news/stories/articles/blog_posts related to application security. These may not always be the big […]
WAF != Firewall
A “Web Application Firewall” is not a “Firewall”! Why are “Web Application Firewall’s” (WAF’s) called “Firewalls”? I think the term firewall was initially used by vendors […]
Planet Websecurity
For those trying to follow the latest news of our web app sec community, someone has finally setup a feed planet called Planet Websecurity that […]
Why is it so hard to code secure web apps?
After my run in with vBulletin I began a search for a secure and stable open sourced forum solution. My first thought was to find […]
A Month of PHP Security Bugs
The folks at the Hardened PHP Project (makers of Suhosin) have started their Month of PHP Bugs initiative. This initiative is an effort to improve […]
Universal PDF XSS
Cross Site scripting attacks are getting even more dangerous these days, and exploitable in many new creative ways. I will be discussing this issue in […]
Jeremiah Grossmans XSS BlackHat Presentation
If you didnt get to BlackHat this year, then you may have heard about the really cool presentation about Cross Site Scripting. He uses XSS […]
Podcast: Play in new window | Download (Duration: 53:38 — 127.2MB)
Subscribe: Apple Podcasts | RSS
MightySeek on (IN)SECURE Magazine
The MightySeek podcast got a cool mention in the lastest issue of (IN)SECURE Magazine.