Entries Categorized as 'Musings'
VA+WAF: that’s hot!
June 19, 2008
So, it seems that the whole VA+WAF discussion is clearly the “hot” topic in webappsec this week. First up we have the ts/sci post that I linked to earlier, Andre responded, and we also have a post from the guys at CGISecurity.
I’ll first address one of Andre’s comments before getting into the meat of this [...]
Facts and Fallacies of Software Engineering
March 27, 2008
Via CodingHorror:
I’ve seen this book before when I taught software engineering, but I’ve never been interested in picking it up. However, just looking at the TOC (see the CodingHorror link above) pretty much tells you all you need to know about the current state of software engineering.
When I joined Florida Tech in 2002, I was asked [...]
Wanted: More Penn & Teller’s
January 15, 2008
Writing about RSnake’s XSS Worm Contest reminded me of an email conversation we had a while back where the topic of discussion was how, to some people, “hacks” can look a lot like magic. Just like performing magic, most hacks (discovered vulnerabilities, findings from penetration testing, security breaches, etc.) are based very much off the [...]
Silver bullets or magic beans?
January 14, 2008
Everyone knows the story of Jack and the Beanstalk (but let me summarize for those that don’t), where Jack trades the family cow, their very last possession, for some magic beans on the way to market where he was supposed to sell it to get some money to feed them. When Jack’s mum finds [...]


