» Application Security Fundamentals Whitepaper - December 1, 2009

Originally published in the online magazines Testing Experience and Security Acts, our Application Security Fundamentals whitepaper is now available here. We welcome your feedback; please send your comments and questions via our Contact Us page.

» Web App Security Scanner Comparison - September 25, 2009

Consciere recently had the opportunity to use two widely recognized commercial web application security scanners against a real-world target built with ASP.NET. The target app was small, with a handful of pages protected by a sign-on form, and we performed remote unauthenticated scanning. Although perhaps unrepresentative because of the scale, structure, and nature of the testing, we [...]

» New HIPAA Landscape for Business Associates: Tracing the specific effects of ARRA on HIPAA Security Compliance - June 16, 2009

A question about the law reference for HIPAA Business Associates leads to a foundational discussion of the changing requirements of the HIPAA Security Rule under the American Recovery and Reinvestment Act (ARRA) of 2009.

» Never Go Network on Me, Kid - June 1, 2009

There was so much deja vu in this that we had to post it:
http://dilbert.com/2009-05-24/

» Overloaded Security Metrics - May 20, 2009

I find it interesting when two seemingly disparate disciplines arrive at similar conclusions independently. I got this feeling while reading the following two unrelated articles that appeared on the same page in The Wall Street Journal: Derivatives and the Wisdom of Crowds, and The State of Surveillance. Especially since they both touched on a topic [...]

» Quant Fever 2 - March 1, 2009

Well, risk is on everyone’s mind nowadays, to say the least. I came across an article a while back that discussed the use of sophisticated risk quantification formulas in the financial industry, and how they’ve proven to be inadequate in the face of real-world events that are difficult to model (e.g. politicians firmly pressing their [...]

» Managing Security Projects with Infrastructure Changes - February 19, 2009

The last several years have brought a deluge of new compliance requirements, mainly affecting budget-constrained IT departments. Many organizations are still struggling to comply with the new regulations and industry standards with limited resources. Infrastructure hardening has come out of hiding after years of lurking in the background behind development.
Managing these infrastructure changes is different [...]

» Another reason to change the default password - January 29, 2009

KXAN TV is reporting that this week’s early commute past an Austin, TX intersection included two roadside safety signs that read “CAUTION! ZOMBIES AHEAD!!” and “ZOMBIES IN AREA RUN”, among other messages. Read more or watch the video here. Reporters indicate the perpetrators manually gained logical access to the “password protected” system locked inside [...]

» It’s all about the Program - August 24, 2008

Congratulations to the USA men’s basketball team on winning the Olympic Gold Medal in 2008. A lot was made of the new strategy of taking the long view and developing a program for winning in world competition, beyond just fielding ad hoc aggregations of superstars (who were unable to take home gold last time). It [...]

» How To Sell Security - July 25, 2008

Bruce Schneier recently posted an article on CIO.com entitled “How to Sell Security.” In it, Bruce uses Prospect Theory to assert that the most effective way to sell security is through fear, or more ethically, indirectly bundled as part of more generic offerings. Bruce as always makes solid points, but I think overlooks a key [...]
