Archive for February, 2009

Web application security incident handling

I thought I’d take a moment to post about some web security tools I use pretty often, which help as a security consultant when responding to various web hacking related incidents. These tools have helped me write my own scripts whenever I’m in a jam and need something good and quick to do the [...]

Post to webappsec mailing-list on WAF and pen-test: dead again

There is no doubt in my mind that some very strong experts out there have put WAF or WAF-like technology to good use. However, WAF is dead and dying regardless.
I think that very large-installation, Internet-facing web applications require Anti-DDoS technology in the form of an appliance, preferably one that does rate-based behavior detection. I often [...]

Guests on OWASP Podcast #6

Jim Manico invited Dre and me to join him and Brian Holyfield on this week’s OWASP Podcast. Topics of discussion included our thoughts on web application security, WAFs, and training, among other things. Give it a listen, and tell us what you think.
OWASP Podcast Series #6 (direct download link)
Brian introduced a tool he has been [...]