Clik here to view.
5 Key Design Decisions That Affect Security in Web Applications
Senior developers and architects often make decisions related to application performance or other areas that have significant ramifications on the security of the application for years to come. Some...
View ArticleClik here to view.
Closing the Secure Web Application Framework Manifesto Project
Last year we released a paper called the “The Secure Web Application Framework Manifesto” in the hopes of influencing web application framework developers to include more security features natively, or...
View ArticleClik here to view.
Safe Online Banking: A new video series
I’m really excited to introduce you to a great new Security Compass video series on Safe Online Banking. These videos are for the everyday banking user (like you and me) who sometimes gets a bit...
View ArticleClik here to view.
Applications are the Crash Test Dummies of Security
Once upon a time driving a car was substantially more dangerous than it is now. Manufacturers were not held liable for accidents caused by their processes. Then everything changed. Now car...
View ArticleClik here to view.
Protecting against Phishing? – Safe Online Banking Series – Security Compass
What is phishing? How do people lose account information online and how do attackers trick you into providing information online? Watch this video to learn how you can protect yourself against...
View ArticleClik here to view.
LinkedIn Isn’t an Isolated Case
By now you’ve probably heard about the disclosure of unsalted, hashed passwords from LinkedIn and possibly other sites. While it’s not immediately clear how malicious attackers got a hold of the...
View ArticleClik here to view.
Dealing with the “Security is Special” problem
In the last entry on cultural challenges in application security series, we introduced the “Security is Special” problem. We described the problem where application security issues hold a trump card...
View ArticleClik here to view.
A Message That Resonates
A couple of weeks ago I posted an article on managing security requirements on agile development at InfoQ. I was pleasantly surprised to see a number of development / agile folks respond positively to...
View ArticleClik here to view.
Mobile Application For Your Hacking Pleasures
A short while back we released ExploitMe Mobile (EMM), our free, open source project demonstrating common Mobile Security vulnerabilities in the iOS and Android platforms. ExploitMe Mobile is a...
View ArticleClik here to view.
400 Apps in 40 Days: the art of balancing time and budget in application...
The topic of prioritizing applications in terms of risk is an important one to us and our clients, so I wanted to share one potential approach that has worked for us in the past. Consider the following...
View Article
