7 Jun 2010

Media / Bloggers / Analysts Covering #ApplicationSecurity - Now Available from Client #DenimGroup: The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise

If you're a member of the media, a blogger or an industry analyst covering #ApplicationSecurity, client John Dickson, CISSP, from Denim Group is available for insights and interviews on the concept of The Permanent Campaign.

Reach out: alan at weinkrantz dot com for interview information.

25 Jan 2010

Texas Lyceum's “Our Growing Lives Online: Safe or Not?” - San Antonio Feb 5 / 6 - The Great Debate

The Texas Lyceum convenes its first quarterly meeting of 2010 in San Antonio to tackle the sensitive topic of risks associated with our connected lives.

The weekend will explore the risks we incur by having much of our information available and potentially vulnerable on the Internet. Be it social media, online banking or buying something on eBay, hackers are increasingly able to piece together information from disparate sources to put our reputation, finances, and identities at risk.

The centerpiece for the weekend will be the first public debate of the Lyceum’s 2010 “Great Debate” series. The debate, to be televised statewide via public television, will tackle the thorny issue of whether existing laws and technologies adequately protect our data and identities in an online world.

Panelists will represent opposing viewpoints in this debate – hackers and privacy advocates who will argue these protections are inadequate, and security leaders and government leaders who will argue that laws and technologies are closing the gap.

The weekend will include interactive and team activities to help Lyceum Directors better understand how these privacy and security risks affect their day-to-day lives. An intended goal of the weekend will be to raise the level of awareness for Lyceum Directors regarding public policy involving online security and privacy.

The backdrop of the conference will be San Antonio and its growing cyber security industry. Acknowledging that San Antonio is becoming an emerging center of computer security activity, the United States Air Force is currently locating its 24th Air Force Cyber Command at the city’s Lackland AFB.

Click here for the weekend agenda.

Members of the media, industry analysts and bloggers covering security and privacy issues, please contact me - alan at weinkrantz dot com for more information.

15 Jan 2010

Client, Denim Group, Previews Release of its Vulnerability Manager - Java/Spring/Hibernate-based web application allowing organizations to automate and centrally manage administration of many of the functions of an application security program

Client Denim Group just made the “technology preview” release of their Vulnerability Manager application available. This is an internal Denim Group project they’ve been working on for a number of months. It has been through a number of private and semi-public demonstrations, so they are really excited to make it available to a broader audience.

If you're an industry analyst, journalist, or blogger covering application security, reach out to me at: alan at weinkrantz dot com for a briefing.

Here's a quick overview:

Vulnerability Manager is a Java/Spring/Hibernate-based web application allowing organizations to automate and centrally manage administration of many of the functions of an application security program:

· Create and maintain a portfolio of applications

· Import and merge vulnerability results from a variety of free and commercial static and dynamic scanning tools

· Automatically generate WAF and IDS/IPS rules for identified vulnerabilities (virtual patching)

· Track attack statistics for vulnerabilities based on WAF and IDS/IPS logs

· Bundle vulnerabilities and send them to defect tracking systems

· Track team maturity practices according to standards such as OpenSAMM

There is an online screencast demo here:

Vulnerability Manager sprung from a number of conversations and engagements we had with clients discussing the problems they faced getting application security programs working in their organizations. At Denim Group we have been fortunate to have the opportunity to work with folks across the spectrum of application security maturity and we think we have assembled some capabilities that will be compelling to many organizations.

Please remember, this is a “technology preview” release of the application.  What this means is:

· In short – it still needs serious work before I would put it in production.  Please be kind and constructive in your feedback

· It works well for our example files under controlled conditions. Outside of those circumstances… good luck (please let us know about any issues)

· The application has not been through a proper security review and has, in fact, been built in an ad hoc manner that we are aggressively working to correct (please do as we say, not as we’ve done thus far)

· A number of must-have features surrounding configuration and workflow have not yet been completed. Those are in progress

· “Vulnerability Manager” is a terrible name for an application and we promise to come up with something cooler

If you explore the Vulnerability Manager site you can see a demonstration video showing how this works as well as some screenshots. You can also download a running Tomcat-hosted version of the code. We welcome feedback – especially constructive feedback. Please submit feedback here.


6 Jan 2010

Client, Denim Group, Provides Guidance on Application Security Trends for 2010

Client, Denim Group, an IT consultancy and strong contributor to the larger application security community, has just announced that it foresees shifts in the application security landscape this year. As a trusted advisor to many Fortune 500 and large public sector organizations, the firm has just announced its guidance on the top application security trends for 2010.

eWeek broke the story earlier. You may view the release on Yahoo Finance here.

19 Nov 2009

Client, Denim Group, Advises Utility Companies to Plan for Security Threats to Smart Grid Technologies - Yahoo! Finance

SAN ANTONIO--(BUSINESS WIRE)--Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risks with their existing software, is advising utility companies of significant security and privacy risks as they transition to smart grid technologies. With advanced meters and smart grid technologies being deployed, Internet attacks, malware, and privacy breaches have become a bigger risk if the appropriate defenses are not engineered into the system from inception. Far-reaching scenarios involving power to homes being shut down were once remote but have now become feasible.


“It will be difficult to put the genie back in the bottle when smart grid technologies are deployed,” said John Dickson, Principal of Denim Group. “Advanced meters are Internet-based network computing devices, with many of the inherent security challenges of traditional network security. There are significant security and privacy implications that we hope are being taken into consideration - protecting these systems shouldn’t be an afterthought. While the cost of prevention is low, the cost of remediation can be extraordinary. The principles we’ve learned from designing and building secure systems and software apply to these smart grid technologies as well and should be rigorously followed.”

“Public Utility Commissions have the unique opportunity to determine the security and integrity of the security metering system,” added Ravi Sandhu, Executive Director of The University of Texas at San Antonio’s Institute for Cyber Security. “Historically, the stand-alone, proprietary nature of the mechanical metering system provided a level of security but limited options for expanded utility and flexibility. Networking these systems requires all parties to re-think the security impact on closed networks and their ecosystems. The integrity of the system network must be maintained and the privacy of the consumers’ data must remain confidential.”

Dickson advises utility companies to consider the following key strategies when deploying smart grid technologies. Dickson has also testified at the Texas Public Utilities Commission on public grid policies.


  1. Don’t take on blind faith what hardware vendors communicate about the security of their devices. Ask smart grid technologies suppliers rigorous questions about what 3rd party testing they’ve done.
  2. Build an architecture that implements a defense in depth strategy. Avoid classic single point of failure design flaws that create a “crunchy on the outside, chewy on the inside” security model.
  3. Trust, but verify. Conduct rigorous, recurring 3rd party audits. These audits should follow an agreed-upon format, and focus on the smart grid system from the perspective of an attacker. Testing should not be driven purely by compliance purposes, and should emphasize technical aspects throughout. Finally, as technology evolves, ensure that auditing evolves with it.
  4. Conduct detailed threat modeling when new functionality is added to the system. Threat models should provide system designers feedback to build more secure systems.
  5. Understand the impact of who can access these systems, such as administrators, auditors, producers, and customers and precisely what access they have. Put technical controls in place to ensure that these different players cannot access each other's private data.


Denim Group is currently working with several public and private initiatives to help certain utility companies address and mitigate vulnerability issues associated with smart grid and other technologies, and has performed assessments of numerous public utilities. Service providers are encouraged to implement the recommendations as early in the design process as possible to have the greatest effect on the security of the smart grid.

About Denim Group

Denim Group develops secure software, helps organizations assess and mitigate risk with existing software, and provides training on best practices in software security. Denim Group has worked with a range of Fortune 500 companies and public sector organizations, bringing a focused software development approach to the world of software security. The Company provides clients with secure .NET and Java development services and remediates serious software flaws in existing application portfolios. Denim Group also identifies vulnerabilities and quantifies risks that vulnerable applications represent through assessments, code reviews, and application-focused penetration testing. Training complements Denim Group’s development and testing services by helping organizations build an internal competency in secure software development and testing through a combined classroom instruction and e-Learning approach.

Denim Group is a strong contributor to the larger application security community, and has been involved with the Open Web Application Security Project (OWASP) since shortly after its inception. Additionally, Denim Group was ranked 1101 in Inc. Magazine's 5000 Fastest-Growing Private Companies in America in 2008.

Reader Contact Information:

Denim Group, 3463 Magic Drive, Suite 315; San Antonio, TX 78229, Tel: 210-572-4400, Fax: 210-572-4401, www.denimgroup.com, john@denimgroup.com.


Contact:

Agency Contact: Alan Weinkrantz, 210-820-3070, alan@weinkrantz.com
or
Denim Group Contact: John Dickson, 210-572-4400, john@denimgroup.com


27 Oct 2009

Journalists, Industry Analysts, Bloggers....need topical experts for Application Security? Follow client, @danielcornell and @johnbdickson / Denim Group

Members of the media, industry analysts, and bloggers: if you need topical expertise on Application Security, Software Security and issues critical to assessing and mitigating risks with existing software, please reach out to me at alan at weinkrantz dot com. I'll connect you with client Denim Group.

Follow Denim Group Principals - @danielcornell and @johnbdickson on twitter.

[Image: word-cloud graphic done using Wordle.net]

13 Oct 2009

Client, Denim Group, Named to Inc. Magazine 5000 List of Fastest Growing Companies for 2nd Year in a Row - Yahoo! Finance

NEW YORK & SAN ANTONIO--(BUSINESS WIRE)--Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risks with their existing software, has been named to the Inc. 5,000 list of the fastest growing privately held companies for the second year in a row. Denim Group’s profile may be viewed on the Inc. site at: http://tinyurl.com/nkk9at. The company ranked number 1,751, placing it in the top third of this group.

“Savvy trend spotters and those who invest in private companies know that the Inc. 5000 is the best place to find out about young companies that are achieving success through a wide variety of unprecedented business models, as well as older private companies that are still expanding at an impressive rate,” said Inc. 5000 project manager Jim Melloan. “That’s why our list is so eagerly anticipated every year.”

Despite the ongoing recession, aggregate revenue among the companies on the list actually increased to $214 billion, up $29 billion from last year, with a median three-year growth rate of 126 percent. The Inc. 5000 are responsible for creating more than 1 million jobs since their founding, making the list perhaps the best example of the impact private, fast-growing companies can have on the economy. Complete results of the Inc. 5000, including company profiles and an interactive database that can be sorted by industry, region, and other criteria, can be found on Inc.com.

“World-class companies such as Denim Group that are based in San Antonio are an asset to our growing security sector,” added Julián Castro, Mayor of San Antonio. “We salute Denim Group's accomplishment and thoughtful leadership in attaining this recognition two years in a row.”

“We are honored to have once again received this recognition from Inc.,” concluded John Dickson, Principal of Denim Group. “We attribute our steady growth to the ever-increasing need for application security among both commercial and government sectors, and look forward to working closer with Rackspace (NYSE: RAX), WhiteHat Security, Fortify and others to continue to grow this market.”

About Inc. Magazine

Founded in 1979 and acquired in 2005 by Mansueto Ventures LLC, Inc. (www.inc.com) is the only major business magazine dedicated exclusively to owners and managers of growing private companies that delivers real solutions for today’s innovative company builders. With a total paid circulation of 712,961, Inc. provides hands-on tools and market-tested strategies for managing people, finances, sales, marketing, and technology. Visit us online at Inc.com.

About Denim Group

Denim Group is a strong contributor to the larger application security community, and has been involved with the Open Web Application Security Project (OWASP) since shortly after its inception. Additionally, Denim Group was ranked 1,751 in Inc. Magazine's 5000 Fastest-Growing Private Companies in America in 2009.

1 Oct 2009

Client, Denim Group, Featured on Building43 Interview with @scobleizer

Here is client, Denim Group's @danielcornell and @johnbdickson talking about application security and broader security issues at large.

Many thanks to @scobleizer and the whole Rackspace team including @kr8tr and @rjamestaylor for helping to make this happen.

27 Aug 2009

Social Networks and Security: What Your Teenager Likely Won't Tell You

I'm lucky to learn from my clients. In this case, check out what client Denim Group has to say about Social Networks and Security.

27 Aug 2009

Denim Group's Dan Cornell in Houston next week to speak to OWASP Chapter

Be sure to follow Dan on Twitter

Contributors

Alan Weinkrantz