Clear Insights - Security News You Can Use

Scan This! Web Application Security Statistics Released

The WASC 2008 Web Application Security Statistics results show that manual testing finds double the vulnerabilities automated scanning would!

Sears.com Vulnerability Reinforces Need for Manual Testing

A new vulnerability in the Sears.com website reinforces the need for manual pen testing.

DHS’ Software Assurance Efforts Can Help You

DHS’ “Build Security In” effort is a great example of a government initiative that has a lot of potential to improve software security everywhere. They are providing a lot of great resources you can use, regardless of your business.

Insecure SSL and How PCI “Nearly” gets it Right

Insecure ciphers and protocols are still supported on a very large percentage of the servers we assess. We strongly advocate removing all insecure ciphers and protocols. The PCI Council nearly made it a requirement to disable SSLv2 – in the words of Maxwell Smart, “They missed it by THAT much”.

Top Vuln Lists – To be or not to be…

Provides a personal opinion on the value and need for Top Vuln Lists within the security community.

Do you use “traditional” penetration testing?

A recent article goes deep into explaining penetration testing and how it should be adapted to focus on software development issues. Hopefully the penetration testing services you are getting are ahead of the curve and are already tailored to provide you this value.