DevSecOps: The Solution to the Equifax Problem

By now, most Americans have heard of the breach of over 143 million (and counting) U.S. consumer’s financial data to hackers earlier this month.  A well-published vulnerability in Apache Struts (CVE-2017-5638) was not patched for months in Equifax applications.  This vulnerability was readily available to hackers and exploited against critical systems holding data such as […]

Read more
Setting up your ‘Black Box of Privacy’

In a previous post I outlined a bunch of ideas for keeping your internet usage private. Towards the end of the post, I indicated that I would provide follow-ups for setting up the configurations outlined. Well, this is the first of those posts. There were three examples that I had saved for working through. Each […]

Read more
Building and Testing Secure Mobile Apps
Mobile Security

Mobile application development has been on the rise lately because of the convenience mobile apps have to offer. Despite the occurrence of security breaches performed on mobile devices recently, security testing is not as emphasized as other forms of quality testing measures such as user acceptance or functional testing. Just last year, hackers in China […]

Read more
3 Essential Components to Building a Security Testing Practice

Nearly every organization dreads the “S-word,” but security should be something we embrace early instead of avoiding until the last minute. It’s strange that we would delay something that could derail our entire application release to the very end when we know we will have no time to address it. Fear of the unknown and fear of failure are […]

Read more