Be sure to classify and be careful with your fix! When you conduct an application security assessment, whether it’s a static analysis scan, dynamic analysis scan, penetration test, or code review, you are going to be presented with a set of vulnerabilities to fix. Often times, there are more vulnerabilities... Continue reading

Our customers are interested in reducing application security risk. Over the years we’ve seen a variety of approaches to this problem and have helped many customers on their path toward more secure applications and reduced risk. It’s interesting that you can categorize most approaches into these three areas Find and... Continue reading

2011 saw the development of mobile applications rise like we have never seen before. We all knew this would happen, I suppose just not this quickly. In fact a recent story in the New York Times suggests that there are approximately 15,000 mobile apps being released every week. The increase... Continue reading

The OWASP Top Ten List is one of the best informal standards and guidelines for web application security -- it is a listing of common threats that result from weak design or implementation activities during software development and deployment. As a reflection of what's gone wrong in the industry, it's... Continue reading

I’m a software developer at heart, but my real passion for secure design is the result of my experience conducting penetration tests and code reviews on our customer’s applications. I routinely find dozens of vulnerabilities that are the result of bad design, and these are often the most difficult to... Continue reading