Alan Weinkrantz’s Stream of Life

www.alanweinkrantz.com 
Tags


Filed under

Application Security

 
January 25, 2010

Texas Lyceum's “Our Growing Lives Online: Safe or Not?” - San Antonio Feb 5 / 6 - The Great Debate

via youtube.com

The Texas Lyceum convenes its first quarterly meeting of 2010 in San Antonio to tackle the sensitive topic of risks associated with our connected lives.

The weekend will explore the risks we incur by having much of our information available and potentially vulnerable on the Internet. Be it social media, online banking or buying something on E-bay, hackers are increasingly able to piece together information from disparate sources to put our reputation, finances, and identities at risk.

The centerpiece for the weekend will be the first public debate of the Lyceum’s 2010 “Great Debate” series. The debate, to be televised statewide via public television, will tackle the thorny issue of whether existing laws and technologies adequately protect our data and identities in an online world.

Panelists will represent opposing viewpoints in this debate – hackers and privacy advocates who will argue these protections are inadequate, and security leaders and government leaders who will argue that laws and technologies are closing the gap.

The weekend will include interactive and team activities to help Lyceum Directors better understand how these privacy and security risks affect their day-to-day lives. An intended goal of the weekend will be to raise the level of awareness for Lyceum Directors regarding public policy involving online security and privacy.

The backdrop of the conference will be San Antonio and its growing cyber security industry. Acknowledging that San Antonio is becoming an emerging center of computer security activity, the United States Air Force is currently locating its 24th Air Force Cyber Command at the city’s Lackland AFB.

Click here for the weekend agenda.

Members of the media, industry analysts and bloggers covering security and privacy issues, please contact me - alan at weinkrantz dot com for more information.

Loading mentions Retweet
Filed under  //   Application Security   Cyber Command San Antonio   Cyber Security Advisor   Denim Group   Howard Schmidt   John Dickson   Security San Antonio   Texas Lyceum  

Comments [1]

January 15, 2010

Client, Denim Group, Previews Release of its Vulnerability Manger - Java/Spring/Hibernate-based web application allowing organizations to automate and centrally manage administration of many of the functions of an application security program

Client, Denim Group just made the “technology preview” release of their Vulnerability Manager application available.  This is an internal Denim Group project they’ve been working on for a number of months.  It has been through a number of private and semi-public demonstrations, so they are really excited to make it available to a broader audience.

If you're an industry analyst, journalist, or blogger covering application security, reach out to me at: alan at weinkrantz dot com for a briefing.

Here's a quick overview....

Vulnerability Manager is a Java/Spring/Hibernate-based web application allowing organizations to automate and centrally manage administration of many of the functions of an application security program:

· Create and maintain a portfolio of applications

· Import and merge vulnerability results from a variety of free and commercial static and dynamic scanning tools

· Automatically generate WAF and IDS/IPS rules for identified vulnerabilities (virtual patching)

· Track attack statistics for vulnerabilities based on WAF and IDS/IPS logs

· Bundle vulnerabilities and send them to defect tracking systems

· Track team maturity practices according to standards such as OpenSAMM

There is an online screencast demo here:

Vulnerability Manager sprung from a number of conversations and engagements we had with clients discussing the problems they faced getting application security programs working in their organizations.  At Denim Group we have been fortunate to have the opportunity to work with folks across the spectrum of application security maturity and we think we have assembled some capabilities that will be compelling to many organizations.

Please remember, this is a “technology preview” release of the application.  What this means is:

· In short – it still needs serious work before I would put it in production.  Please be kind and constructive in your feedback

· It works well for our example files under controlled conditions.  Outside of those circumstances…  good luck (please let us know about any issues)

· The application has not been through a proper security review and has, in fact, been built in an ad hoc manner that we are aggressively working to correct (please do as we say, not as we’ve done thusfar)

· A number of must-have features surrounding configuration and workflow have not yet been completed.  Those are in progress

· Vulnerability Manager” is a terrible name for an application and we promise to come up with something cooler

If you explore the Vulnerability Manager site you can see a demonstration video showing how this works as well as some screenshots.  You can also download a running Tomcat-hosted version of the code.  We welcome feedback – especially constructive feedback.  Please submit feedback here.
Contact Denim Group for more information about Vulnerability Manager and how you can use it to improve your application security program.

 

Loading mentions Retweet
Filed under  //   Application Security   Dan Cornell   Denim Group   Vulnerability Manager  

Comments [0]

January 6, 2010

Client, Denim Group, Provides Guidance on Application Security Trends for 2010

Client, Denim Group, an IT consultancy and strong contributor to the larger application security community, has just announced that it foresees shifts in the application security landscape this year. As a trusted advisor to many Fortune 500 and large public sector organizations, the firm has just announced its guidance on the top application security trends for 2010.

eWeek broke the story earlier.  You may view the release on Yahoo Finance here.

Loading mentions Retweet
Filed under  //   Application Security   Dan Cornell   Denim Group   Internet Security   John Dickson   Network Security  

Comments [0]

October 27, 2009

Journalists, Industry Analysts, Bloggers....need topical experts for Application Security? Follow client, @danielcornell and @johnbdickson / Denim Group

Members of the media, industry analysts, and bloggers - if you need topical expertise on Application Security, Software Security and issues critical to assessing and mitigating risks with their existing software  please reach out to me at alan at weinkrantz dot com.  I'll connect you with client, Denim Group.  

Follow Denim Group Principals - @danielcornell and @johnbdickson on twitter.

graphic done using Wordle.net
mode: space; -webkit-line-break: after-white-space; ">



Loading mentions Retweet
Filed under  //   Application Security   Dan Cornell   Denim Group   John Dickson   Secure Software  

Comments [0]

October 1, 2009

Client, Denim Group, Featured on Building43 Interview with @scobleizer

via building43.com

Here is client, Denim Group's @danielcornell and @johnbdickson talking about application security and broader security issues at large.

Many thanks to @scobleizer and the whole Rackspace team including @kr8tr and @rjamestaylor for helping to make this happen.

Loading mentions Retweet
Filed under  //   Application Security   Building43   Dan Cornell   Denim Group   John Dickson   Web Application Security  

Comments [0]

August 27, 2009

Social Networks and Security: What Your Teenager Likely Won't Tell You

via slideshare.net

I'm lucky to learn from my clients. In this case, check out what client, Denim Group has to say about Social Network and Security.....

Loading mentions Retweet
Filed under  //   Application Security   Denim Group   Social Networking Security  

Comments [0]

August 27, 2009

Denim Group's Dan Cornell in Houston next week to speak to OWASP Chapter

Be sure to follow Dan on Twitter

Loading mentions Retweet
Filed under  //   Application Security   Dan Cornell   Denim Group   OWASP Houston  

Comments [1]

August 5, 2009

Video: Client, Denim Group's John Dickson Reflects on Black Hat 2009

via youtube.com

John Dickson, Principal at Denim Group, reflects on his recent travels to Black Hat 2009. John talks about smart metering technology, the electric smart grid, security breaches, application security strategies, and the landscape of the security industry.

Loading mentions Retweet
Filed under  //   Alan Weinkrantz   Application Development   Application Security   Black Hat 2009   Denim Group   John Dickson   Secure Application Development  

Comments [0]

July 29, 2009

Media: Need a Security Wizard Source at Black Hat 2009? Meet client, @johnbdickson, talking about his company teaming with WhiteHat Security

via youtube.com

If you are at Black Hat 2009, meet @johnbdickson.

His company, Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risks with their existing software, just announced that it's teaming with WhiteHat Security, to expand its portfolio of services by offering WhiteHat Sentinel for ongoing website vulnerability management to quickly and accurately identify security defects in Web applications.

Loading mentions Retweet
Filed under  //   Application Development   Application Security   Black Hat 2009   Denim Group   Jeremiah Grossman   WhiteHat Security  

Comments [0]

July 28, 2009

News From Black Hat 2009: Client, Denim Group, Teams Up with WhiteHat Security - Yahoo! Finance

businesswire

Denim Group Teams Up with WhiteHat Security

Partnership Allows Denim Group to Offer Clients a Full Portfolio of Protection and Application Risk Management Services Including Ongoing Website Vulnerability Management

SAN ANTONIO & LAS VEGAS--(BUSINESS WIRE)--Today at Black Hat USA 2009, Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risks with their existing software, announced today that it has teamed with WhiteHat Security, the leading provider of website risk management solutions. The partnership enables Denim Group to expand its portfolio of services by offering WhiteHat Sentinel for ongoing website vulnerability management to quickly and accurately identify security defects in Web applications. A related video to this announcement may be viewed at: http://tinyurl.com/nzkrcy.

“Today, more than 70 percent of hacker attacks worldwide are actively targeting websites, and 80% of sites have a serious vulnerability, so the importance of website security cannot be overstated,” said Jeremiah Grossman, founder and CTO of WhiteHat Security. “We’re pleased to partner with an experienced application security provider like Denim Group to ensure that companies have ongoing website vulnerability management oversight which enables them to protect critical data, ensure compliance, and narrow the window of risk.”

The WhiteHat Sentinel family of website security solutions delivers the visibility, flexibility and control that enables companies to secure their websites, regardless of company size or volume of applications. WhiteHat Sentinel delivers accurate, and verified results via an on-demand, SaaS-based subscription service, combining advanced proprietary automated scanning technology with expert analysis. Once software vulnerabilities are identified, Denim Group’s seasoned development team can prioritize risks and quickly remediate security defects found in its customers’ applications. In addition, Denim Group offers website security training, providing everything from individual courses to entire training and process improvement initiatives targeted at those building, testing, and managing custom software.

“This partnership allows Denim Group to use White Hat’s technology to provide its clients with ongoing vulnerability assessment for their Web application portfolio,” said Dan Cornell, principal of Denim Group. “In addition, we can accelerate remediation times for WhiteHat’s customers and offer targeted education services on Web application security so that the same vulnerabilities don’t get reintroduced.”

About Denim Group

Denim Group develops secure software, helps organizations assess and mitigate risk with existing software, and provides training on best practices in software security. Denim Group has worked with a range of Fortune 500 companies and public sector organizations, bringing a focused software development approach to the world of software security. The Company provides clients with secure .NET and Java development services and remediates serious software flaws in existing application portfolios. Denim Group also identifies vulnerabilities and quantifies risks that vulnerable applications represent through assessments, code reviews, and application-focused penetration testing. Training complements Denim Group’s development and testing services by helping organizations build an internal competency in secure software development and testing through a combined classroom instruction and e-Learning approach.

Denim Group is a strong contributor to the larger application security community, and has been involved with the Open Web Application Security Project (OWASP) since shortly after its inception. Additionally, Denim Group was ranked 1101 in Inc. Magazine's 5000 Fastest-Growing Private Companies in America in 2008.

For more information about Denim Group, visit www.denimgroup.com.

About WhiteHat Security, Inc.

Headquartered in Santa Clara, California, WhiteHat Security is the leading provider of website risk management solutions that protect critical data, ensure compliance and narrow the window of risk. WhiteHat Sentinel, the company’s flagship product family, is the most accurate, complete and cost-effective website vulnerability management solution available. It delivers the visibility, flexibility, and control that organizations need to prevent Web attacks. Furthermore, WhiteHat Sentinel enables automated mitigation of website vulnerabilities via integration with Web application firewalls. To learn more about WhiteHat Security, please visit our website at www.whitehatsec.com

Recommended Social Tags: Denim Group, WhiteHat Security, Vulnerability Assessment

Reader Contact Information:

Denim Group, 3463 Magic Drive, Suite 315; San Antonio, TX 78229, Tel: 210-572-4400,
Fax: 210-572-4401, www.denimgroup.com, john@denimgroup.com.

WhiteHat Security, Inc., 3003 Bunker Hill Lane, Suite 220; Santa Clara, CA 95054, Tel: 408-343-8300, Fax: 408-904-7142, www.whitehatsec.com, sales@whitehatsec.com.

Denim Group is a registered service mark of Denim Group, Ltd.

Other names and brands may be claimed as the property of others.

Contact:

Agency Contact:
Alan Weinkrantz, 210.820.3070
alan@weinkrantz.com
or
Denim Group Contact:
John B. Dickson, CISSP, 210.572.4400
john@denimgroup.com
via finance.yahoo.com

 

Loading mentions Retweet
Filed under  //   Application Security   Black Hat 2009   Dan Cornell   Denim Group   Jeremiah Grossman   White Hat Sentinel   WhiteHat Security  

Comments [0]