This is Jason Taylor's Typepad Profile.
Jason Taylor
Recent Activity
Part 5 of 5 - Attaining a High Level of SDLC Maturity To view the previous post in this five-part series, click here. In order to achieve a high level of SDLC maturity, an organization needs to define a set of security engineering activities, processes and policies that can be layered... Continue reading
Posted Oct 17, 2013 at Application & Cyber Security Blog
Part 4 of 5 - How do you know how you're doing if you aren't measuring? To view the previous post in this five-part series, click here. Assessment In order to think strategically about your investments in application security, it’s important to define and measure your risks. In order to... Continue reading
Posted Oct 10, 2013 at Application & Cyber Security Blog
Part 3 of 5 - The Need for More Educated Development Teams To view the previous post in this five-part series, click here. Despite the rapid change of technology and the rise of new platforms such as cloud and mobile, the majority of organizations do not have a formal application... Continue reading
Posted Oct 3, 2013 at Application & Cyber Security Blog
Part 2 of 5 – The importance of Standards & Policies To view the previous post in this five-part series, click here. Application security policies are focused on how applications are securely developed. The goal of an application security policy is to define the business’s security expectations for the development... Continue reading
Posted Sep 26, 2013 at Application & Cyber Security Blog
Part 1 of 5 - the Facts of the Case Security Innovation and the Ponemon Institute recently released our Current State of Application Security report, which was based on research designed to better understand the maturity of an organization’s application security program in comparison to the core competencies of high-performing... Continue reading
Posted Sep 17, 2013 at Application & Cyber Security Blog
Be sure to classify and be careful with your fix! When you conduct an application security assessment, whether it’s a static analysis scan, dynamic analysis scan, penetration test, or code review, you are going to be presented with a set of vulnerabilities to fix. Oftentimes, there are more vulnerabilities... Continue reading
Posted Jun 19, 2012 at Application & Cyber Security Blog
Our customers are interested in reducing application security risk. Over the years we’ve seen a variety of approaches to this problem and have helped many customers on their path toward more secure applications and reduced risk. It’s interesting that you can categorize most approaches into these three areas: Find and... Continue reading
Posted May 1, 2012 at Application & Cyber Security Blog
2011 saw the development of mobile applications rise like we have never seen before. We all knew this would happen, I suppose, just not this quickly. In fact, a recent story in the New York Times suggests that there are approximately 15,000 mobile apps being released every week. The increase... Continue reading
Posted Jan 24, 2012 at Application & Cyber Security Blog
The OWASP Top Ten List is one of the best informal standards and guidelines for web application security -- it is a listing of common threats that result from weak design or implementation activities during software development and deployment. As a reflection of what's gone wrong in the industry, it's... Continue reading
Posted Dec 8, 2011 at Application & Cyber Security Blog
I’m a software developer at heart, but my real passion for secure design is the result of my experience conducting penetration tests and code reviews on our customers’ applications. I routinely find dozens of vulnerabilities that are the result of bad design, and these are often the most difficult to... Continue reading
Posted Sep 28, 2011 at Application & Cyber Security Blog