Tag Archives: OWASP

VULNERABILITY N+1

Author: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 Auditor

As Americans, we love lists. That fact is self-evident when browsing our favorite blog sites, as many blogs start out with catchy headlines like, “The Top 5 ______ (fill in the blank).” The love of lists is rooted deeply in our culture. We loved the Top 40 […]

2014 Information Security Hiring Trends: Defense! Defense! Defense!

Yes, it’s another information security predictions article. No, I won’t be discussing APT, China, or anything involving our favorite prefix, “cyber.” Instead, here’s a brief glimpse at what we infosec recruiters are seeing in terms of enterprise demands for security roles. While all infosec positions, from firewall jockey to CISO, remain super-hot, here are some […]

Why should every organization embrace secure development?

Author: Todd Becker, PCI QSA, ISO 27001 Auditor

Secure development is not just for software companies and custom application development shops. Embracing secure development practices in IT and procurement functions within an organization ensures that reasonable and appropriate actions are exercised to achieve compliance to regulations and other security requirements. According to a 2013 Ponemon report, […]

Has The OWASP Top 10 Been Effective For Web Applications?

Author: Todd Becker, PCI QSA, ISO 27001 Auditor

OWASP just released a new Top 10 for 2013, updating the list of key web application security weaknesses to reflect the evolution of the highest risk vulnerabilities. While everyone loves a good top 10 list, the fundamental question I wrestle with is, has the OWASP Top 10 been […]