Two nice articles from Dinis Cruz (Chief Owasp Evangelist) regarding application security assessment by IBM:
Filed under:
Security Assessment
Follow Me on
Dr. Emin İslam Tatlı
Latest Tweets
RT @oezcanacar: http://t.co/5rUGGmvh beta yayinina basladi. Son hatalari gidermek icin beta kullanicilarinin yardimini bekliyoruz. http://t.co/LKstV6wG
RT @huseyinkursun: MİT Yandex için Kurumları uyardu http://t.co/M9ceLDM9
http://t.co/37h9OAV3
It is a good idea to explain one's research focus in the past and future within a scientific paper. Here is such... http://t.co/hTO5IPro
Books I’m reading
Categories
- Anonymity (1)
- Book Review (2)
- Cryptography (2)
- Cyber Security (1)
- Database Security (2)
- General (1)
- Password Security (1)
- Pentest (2)
- Privacy (3)
- Secure Coding (5)
- Secure SDLC (5)
- Security (3)
- Security Assessment (4)
Tags
aes
Anonymity
Appscan
assessment
book
book review
bsimm
certificates
checklist
clasp
cyber security
database
design
encryption
facebook
google
ibm
identity
java
mahremiyet ihlalleri
owasp
owasp-tr
password
pattern
pentest
Privacy
privacy violations
pseudonymity
research
samm
search
secure coding
secure sdlc
security
security training
ssl
Turkey
Thanks
Note the date on those posts, it was in 2009. Unfortunately IBM is still quite far away from that. I think it will take a big event for them to really change.
Meanwhile, this is the kind of analysis that I hoped we would be doing by now using their technology (diniscruz.blogspot.com/2011/07/finally-here-is-how-i-have-been.html)
Hi Dinis,
IBM invests quite much on tools (Appscan, Ounce-Lab, database firewalls etc.). But the biggest problem is developers. They are not really trained about secure coding. IBM needs to take this issue seriously into consideration. IBM can interact with OWASP more, for example. I am saying all these as a former IBMer.