Application security competence found at bottom
Like most techsec professionals, I’ve been asked to do more and more in application security matters, an area that I’ve usually seen specialist ninjas dominate due to the often extreme technical depth required of the realm.
I’ve written previously about how [in]competence seems to be very hard to [...]
The state of the industry is now and has long been driven by companies selling easy solutions to the incredibly difficult problem of meeting the conflicting goals of performance, usability, and security. What the clued have known and the unclued usually have not is that there are no easy answers, turn-key appliances, or buttons to [...]
I keep thinking about a conversation that I had this last December. They described people who ran their servers and infrastructure well as never existing, or if they did, they do no longer. The person I was talking to called them “old school legendary ninjas.”
Ran stable systems with high uptime. Logged events [...]
Disclaimer: I have not been provided any inside or NDA’d information on any gaming platform in any form. All of this is from public information and my own conjecture and professional experiences.
I’m telling this story for a few reasons. First, I was able to be a little clever in my approach and since I [...]
Trustwave’s SpiderLabs issued their annual report of their work efforts in the last year: 220 data breach investigations and more than 2,300 penetration tests. They were kind enough to share their findings with the rest of us, which I for one really appreciate. It has been a recurring theme of mine that we as professionals [...]