Archive for April, 2009

An Overview of Web Application Security

April 30th, 2009

With the web and business web sites accessible by everyone (including malicious hackers), the security of your web application is at the top of the list of security issues on experienced PHP web developers’ minds. Let’s look at some security concerns of PHP security developers, and what they can do to make their web applications more secure.


The RSA Conference: What Happened?

Last week I attended the RSA Conference in San Francisco. I’ve attended this conference for something like six or seven straight years now, and am very familiar with how this conference works and what to expect. Lamentably, this year’s conference was in many respects a letdown for me, however. Normally, the best thing about the RSA Conference is getting to see the security technology vendors “hawk their wares” at the RSA Exposition. Every year several brand new (and often exciting) products are announced and demonstrations are given. Although I walked completely around the expo floor twice on two different days, I did not see any evidence of newness or innovation. I also expect to learn of new features in products, and although there were a few new features in some products, for the most part the security technology I came to see was the “same old same old.”


More Ranting on the Issue of Dealing with Computer Criminals in Information Security

I’m still pretty keyed up concerning all that happened concerning the message, described as an ISSA International event, that announced a webcast in which a convicted computer criminal will participate. I feel compelled to first praise some prominent infosec professionals such as Hal Tipton, Donn Parker, William Murray, and Karen Worstell, who did not shy away from taking and communicating a strong stand on this issue.


The “Shot Heard Round the World”

I was reading my email yesterday afternoon when a new message from ISSA International arrived. I opened and read it quickly, and then started to get back to tasks at hand when all of a sudden something at the bottom of my message caught my attention. The message announced an upcoming webcast in which a number of speakers were going to participate. One of the speakers was a convicted computer criminal.


China: Number One in Cyberespionage?

Allegations of the People’s Republic of China being engaged in massive cyberespionage efforts have been in the news quite a bit lately. Just last week a series of break-ins to systems in Canada was believed to have originated from China. A SANS NewsBites item several weeks ago stated: “The Chinese’s extensive reach into all aspects of cyber activity both inside and outside its borders means that there are no secrets it cannot obtain.” Are these allegations true?
