Entries Tagged as 'application security'
by Ramon Krikken | July 2, 2012 | Comments Off
In the past month I’ve done both a Security Summit talk and a webinar about application security. The gist of the presentations – at least what I wanted customers to take away – is that we can’t sell application security to developers and architects by perpetuating the train-test-fix cycle of pain. It feels, though, like [...]
Category: Applications Security Tags: application security, csrf, sqli, waf, xml gateway, xss
by Ramon Krikken | June 20, 2012 | 1 Comment
I have encryption on my mind again a lot lately. It certainly has something to do with work in progress for presentations I’m giving at our Catalyst 2012 conference (“Protecting Data in the Public Cloud: Encryption, Obfuscation, or Snake Oil?” and “Scenarios: Encryption, Tokenization, Anonymization, or None of the Above”). But it’s also because I’m [...]
Category: Security Tags: application encryption, application security, Catalyst-NA, data masking, database encryption, Database Security, encryption, snake oil, tokenization
by Ramon Krikken | April 25, 2012 | Comments Off
Security at the application layer is getting ever more attention due to the large number of vulnerabilities that keep popping up in off-the-shelf and home-built software (although, in my opinion, it is still not getting enough attention). Aside from expanding security activities in the SDLC, we’re seeing calls for – amongst other things – application monitoring. But [...]
Category: Applications Security Tags: application security, Database Security, middleware security
by Ramon Krikken | April 19, 2012 | Comments Off
We’re always working on updating our software security / application security coverage, and the time has come to spend a few months on gathering new information for the application security program guidance document. To make it more than “here’s another general maturity model – do everything it says,” I’m looking for what makes and breaks [...]
Category: Security Tags: application security, developer training, security, security summit, security training, software security