My first Informationweek article is now published online.
Follow up: Larry Suto’s Testing Proven Faulty – Again
Via the SPI Dynamics blog, I saw that Ory Segal of IBM/Watchfire released an analysis of Larry Suto’s scanner comparison. If you recall, Jeff Forristal of SPI released his own a few weeks back. I will let you compare and make up your mind, but I will note that both are much more open and [...]
Weekly Links
Borrowing an idea from Darren Herman, I am going to begin posting weekly links that I found interesting. Here are a few that I liked this week:
Early gift from CPA-St. Nick: Write-off that R&D!
Early State Board of Directors
Ad Revenue Models
There’s No Money In the Long Tail of the Blogosphere
Security and Disruptive Innovation
Voicemail Security
Tonight I was working with VoIP spoofing and click-to-dial technology. While testing a configuration I had my PBX dial my cell phone; I ignored the call on my cell, and to my surprise my SIP phone went to the voicemail of my cell phone.
Apparently, when I set up the SIP configuration I used my [...]
PCI PA-DSS
Recently I posted about PCI’s new payment application mandate coming out. Today I was lucky enough to receive a draft version, a comment sheet, and the associated NDA (which is why I have not posted the documents here).
A quick review basically outlines what we expected. PCI is taking Visa’s PABP program, transitioning it into PCI [...]
Web Application Scanning Test – Rebuttal
Recently (October 2007), Larry Suto released a case study analyzing several web application scanners. Upon reading it, I disregarded the findings, as there was little to no information revealed around application and scanner configuration.
I complained that I could not trust the results because the configurations were not provided. I was surprised to speak [...]
VISA Announces New Payment Application Security Mandates
VISA has released new security mandates regarding the use of Point of Sale systems.
“Beginning January 1, 208, Visa will implement a series of mandates to eliminate the use of non-secure payment applications from the Visa payment system.”
The basic idea is to require new application security requirements around point of sale systems. While VISA [...]
Ajax Security
A friend of mine, and a great security researcher, has published an Ajax Security book. This book is already receiving rave reviews and promises to be a must-read for Ajax developers and application assessors.
Please pick up a copy of Billy Hoffman and Bryan Sullivan’s Ajax Security book.
Application Security Testing
Currently there are several offerings in the market for application security testing: black box, white box, grey box, and finally binary analysis.
Black Box Testing
Like all things in life, black box testing has its ups and downs. Through this testing method, the tester focuses on portions of the application which the user [...]
Can you sell Information Security?
Walking to work this morning, I realized something very important. With the exception of one job years ago, I have stayed out of sales. I decided a long time ago that I do not like to sell and I am not a good salesperson.
Today I realized that I was wrong. [...]