Did you know that the humble Domain Name Service (DNS) that you manage can be utilized in the detection of breaches, intrusions and malware infections within your organization? It’s true! The Domain Name Service is a foundational service used to access the Internet, so control of DNS equates to control of Internet traffic within the networks under your… Read More
Pop Quiz! Test your OWASP knowledge and earn credit.
There is a frequent question I get from each of my client organizations at least twice a year and that is, “Does your organization adhere to the OWASP Top 10 and is it part of your software development life cycle (SDLC)?” Well, currently, there are no certification exams and no formal training available so how… Read More
Re-Post: C-Suite Slipping on Information Security, Study Finds
The analysis in this article is consistent with my research to date and I thought it worth sharing. I would suggest however that given the input from one of the largest audit firms creates a scenario that I refer to as the “Self-Licking Ice Cream Cone” and should be objectively consumed. It is quite ironic… Read More
ETA – Estimated Time of Arrival in the Android Market
I have a new application in the Android Market today called ETA located here: ETA is the awesome new way to track your favorite people. ETA, otherwise known as Estimated Time of Arrival, is a clever application that answers the question other people ask you so frequently; where are you and how long will it… Read More
PenTest Magazine: The Security Trifecta – IT Security Governance Demystified
PenTest Magazine just released their latest issue and my article, The Security Trifecta – IT Security Governance Demystified is included. You may find it here and also directly from the publisher here. Enjoy!