Archive for June, 2008

Web application firewalls: A slight change of heart

We’ve been beating the drum for some time now, expressing our opinions of web application firewalls (WAFs). You might have sided with us on this issue, be against us, or just be tired of it all by now. This post is about to change all that, and show that we are not 100% […]

R.I.P. CISSP

We all know about the CISSP.  You’ve heard the whispered hallway conversations.  You’ve seen the business cards, the email signatures, and the government contract requirements.  You might even know the secret handshake, or have the magical letters attached to your name somewhere yourself.
Alternatively, you may despise what it has done to the IT security industry […]

Virtualization is a process, not a product

I see that the BlackHat Blogger’s Network has a topic of interest.  I’ll oblige, especially since The Hoff is involved.  I think it’s a good exercise, so I’ll have to thank Shimel for this idea.
You also won’t want to miss what I’ve said about virtualization four months ago in Hardware VM security: past and present.  […]

nmaparse.py — Parsing grepable Nmap output to insert into MySQL

Last week, Richard Bejtlich reviewed “Nmap in the Enterprise,” and for the most part, was largely disappointed with its lack of enterprise context. My last script, tissynbe.py, parsed Nessus results in nbe format and inserted them into a MySQL database. Today, I’m making available nmaparse.py, a script that will parse grepable Nmap output […]

Accountability through connected frameworks

Apparently Laura Chappell and Mark Curphey were presenting at the Microsoft TechEd 2008 Security Track last week.  I haven’t heard too much about what happened as a result, and I really wish I was there to see them speak about their respective topics.
For those who don’t know Mark Curphey, he was the founder of OWASP, […]