I am delivering training courses on how to build effective processes around application security scanning tools as part of my work for Bounce Security. The course’s official name is “Building a High-Value AppSec Scanning Programme” and its unofficial, more fun but less descriptive name is “Tune your Toolbox for Velocity and Value”. This post will serve as a way of getting more information about the course.
The Grinch who stole AppSecEU
Whilst most people were preparing for the festive season, in a shock move OWASP decided to suddenly claw back its flagship conference from the hugely successful OWASP Israel chapter and hold it in the UK (again) instead.
HPKP is pinning^W pining for the fjords – A lesson on security absolutism?
It looks like this standard will not go into widespread adoption but I think we can learn a lesson about InfoSec cost/benefit and the risks of expecting all security controls, everywhere.
The OWASP Top 10 — An update and a chance to have your say
If you care about AppSec, you have until 30th August to have your say on what new items should be in RC2 and until 18th September to provide additional data on vulnerabilities found.
Daily Pen Test reports — Pros and Cons
My thoughts on how daily reporting can both enhance and damage the security testing process.
WannaCry — Do you feel lucky?
Would MS17-010 have received enough attention without WannaCry?