Archive for Defense

Web application firewalls: A slight change of heart

We’ve been beating the drum for some time now, expressing our opinions of web application firewalls (WAFs). You might have sided with us on this issue, be against us, or just be tired of it all by now. This post is about to change all that, and show that we are not 100% […]

Virtualization is a process, not a product

I see that the BlackHat Blogger’s Network has a topic of interest.  I’ll oblige, especially since The Hoff is involved.  I think it’s a good exercise, so I’ll have to thank Shimel for this idea.
You also won’t want to miss what I said about virtualization four months ago in Hardware VM security: past and present. […]

What web application security really is

I wanted to do a post about “what web application security really is” because plenty of people out there don’t get it.  They understand that “security attacks are moving from hosts to the Web”, but they have no idea what that means.  To most people, web application security is the same thing as website security.  […]

Software Security: a retrospective

Today I am going to cover a topic that is the most important to me: software security. When I talk about “software security”, I refer to the process of building applications — the artifacts, components, and capital that go into making a polished product. Applications are something that development teams worldwide strive to […]

Protecting the global Internet routing infrastructure

Arbor Networks has a blog post up today about Using RPKI to Construct Validated IRR Data.  Resource PKI (RPKI) is an extension to X.509 to allow for IP address (prefix) and AS identifiers (autonomous system numbers — the organization-based assigned number used by the Border Gateway Protocol to get you or your ISP “online”).
My first […]