Simple Rules To Stop Bad Guys

Hi, RockyH here, I was browsing for IT security news from the hotel this evening and came across this gem: That’s it. Of course there is no information about who to email, and why should there be. If they can’t figure out how to tell the difference between malicious traffic and real traffic other…


Application Security Development Lifecycle 5A: Is Threat Modeling Right For You?

Several enterprises are increasingly investing time and money in building application security tasks into their existing SDLCs. Some of them have also reached the conclusion that proactive approaches, like threat modeling, have more ROI than reactive approaches. As a result, some enterprises with nascent appsec programs have turned to threat modeling as a panacea…


Application Security Development Lifecycle 4: Finding the right security talent

After about an hour of nodding his head vigorously in agreement with some of our lessons learnt, my customer jumped up and exclaimed, "Great!! Now where do I find another 20 people like these?" (pointing to my team)… I thought about it a while and so, Mr. B, here is your answer: Information security…


How Microsoft IT does Secure Application Development: Webcast

I will be discussing Microsoft IT’s approach to secure application development, with a special focus on how we integrate security into the IT line-of-business SDLC, in a webcast this Thursday, May 29th. This webcast will be part of Microsoft’s IT Manager Webcast series. This series aims to share deep knowledge focused…


Application Security Development Lifecycle 3: Funding Models

Now that you’ve decided (or battled) to set up an application security program, you realize that it actually needs to get funded. You must master the art of delicately drinking from the fire hydrant of line of business applications. In my experience helping organizations set up their application security programs, funding was perhaps the most…
