I recently collaborated on a piece for InformationWeek entitled “A How-To Guide To Cloud Computing”. My portion was a tight 700 or so words regarding what security topics to consider when utilizing the cloud for the first time. I would have liked to write a lot more and go in depth, but it was not the [...]
Ouchie – PCI sticks it to the vendors
The great folks over at the PCI council have finally done something I agree with. They have provided a clear and concise explanation of PCI 6.6. Typically, their direction is unclear and left to the masses to decipher.
In the new PCI 6.6 supplement, the council has given more direction on how to meet the dreaded [...]
Google Code University – Web Security
This URL was sent over to me by a co-worker. Looks like Google is hosting a few presentations and videos related to Web Security. Worth a review.
http://code.google.com/edu/security/index.html
Apache Tomcat CIS Benchmark
The Center for Internet Security announced this morning that they will be launching an Apache Tomcat benchmark project, along with Xen and SUSE.
I am pleased to announce that I will be heading up the Tomcat project for CIS. If you are interested, or know anyone who might be, please subscribe to the mailing list and [...]
PCI PA-DSS
Recently I posted about PCI’s new payment application mandate coming out. Today I was lucky enough to receive a draft version, a comment sheet, and the associated NDA (thus why I have not posted the documents here).
A quick review basically outlines what we expected. PCI is taking Visa’s PABP program, transitioning it into PCI [...]
Web Application Scanning Test – Rebuttal
Recently, October 2007, Larry Suto released a case study analyzing several web application scanners. Upon reading it, I disregarded the findings as there was little to no information revealed around application and scanner configuration.
I complained that I could not trust the results because the configurations were not provided. I was surprised to speak [...]
VISA Announces New Payment Application Security Mandates
VISA has released new security mandates regarding the use of Point of Sale systems.
“Beginning January 1, 208, Visa will implement a series of mandates to eliminate the use of non-secure payment applications from the Visa payment system.”
The basic idea is to require new application security requirements around point of sale systems. While VISA [...]



