Archive for People

Guests on OWASP Podcast #6

Jim Manico invited Dre and me to join him and Brian Holyfield on this week’s OWASP Podcast. Topics of discussion included our thoughts on web application security, WAFs, and training, among others. Give it a listen, and tell us what you think.
OWASP Podcast Series #6 (direct download link)
Brian introduced a tool he has been [...]

SANS Top 25 Procurement Language and the OWASP Secure Software Contract Annex

As many of you have probably already heard, SANS, in a combined effort with MITRE released the CWE/SANS Top 25 Most Dangerous Programming Errors. There have been numerous discussions on both the Secure Coding List and Webappsec mailing lists, along with a column from Gary McGraw and 11 reasons why Top 10 (or Top [...]

Don’t Tell Mom the World is Gonna End

Today, another vulnerability has been making the headlines, with various industry security professionals predicting apocalypse, genocide and famine, along with everything in between. It first started earlier this summer, back when Dan Kaminsky, in a multi-vendor coordinated effort, told the world of his DNS vulnerability. Then came the BGP hijacking, disclosed by Tony Kapela [...]

Happy Two-Year Anniversary

Yesterday we celebrated tssci-security.com’s two-year anniversary. I started this site on August 23rd, 2006 during my first internship, and oh my, how the time flew by. A lot of good things have come my way — most as a direct result of this blog. The connections and many good times I’ve had [...]

Week of War on WAFs: Day 4 — Closer to the code

[ Andre and Marcin ]: For today’s post, we have a guest blogger, Rohit Sethi. We asked Rohit to do this guest post because we feel that his research, along with that of his co-worker Nish Bhalla, has been influential in solving some unique application security problems. We met Rohit and Nish at Shmoocon 2008 as [...]