17 Nov 2010

Security Media / Analysts / Bloggers - How to Guide for Software Security Vulnerability Remediation from Client, #DenimGroup

Client, Denim Group, has a compelling presentation on the subject of Software Security Vulnerability Remediation.  It's a handy and very practical "How to Guide" that can be adapted as source material for stories on the subject.

Denim Group does a lot of software security remediation projects, so they put together a how-to-guide based on their experiences.

How-To-Guide for Software Security Vulnerability Remediation

Most internal development teams are experts with coding and application development but lack the tools and methodology needed to efficiently remediate security flaws in web applications.

Denim Group's consultants are all practicing developers who track the latest software trends and methodology and have the expertise to fix vulnerabilities in the source code.

If you are a journalist, blogger or analyst looking for year-end security wrap up stories, or stories for 2011 trends, please reach out to me - alan at weinkrantz dot com and I will connect with Denim Group CTO - Dan Cornell.

View more documents from Denim Group.

 

7 Jun 2010

Media / Bloggers / Analysts Covering #ApplicationSecurity - Now Available from Client #DenimGroup: The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise

via slideshare.net

If you're a member of the media, blogger or industry analyst covering #ApplicationSecurity, client, John Dickson, CISSP from Denim Group is available for insights and interviews on the concept of The Permanent Campaign.

Reach out: alan at weinkrantz dot com for interview information.

15 Feb 2010

State-wide PBS Stations to Broadcast Texas Lyceum’s Recent Great Debate - “Our Growing Lives Online; Safe or Not” #TexasLyceumSA

Last weekend, client, John Dickson, Denim Group Principal and Conference Chair of the  Texas Lyceum - #TexasLyceumSA acted as Conference Chair for the Texas Lyceum’s first quarterly meeting of 2010.

 

Starting this Thursday, regional PBS stations in Texas will air the Great Debate. It’s great to see the issue of Cyber Security being brought to the mainstream and out of the techie world. Thought leaders like John Dickson are contributing to conversation. You can follow John onTwitter.

Air times for the broadcast are as follows:

Amarillo > KACV > Thursday, February 18 at 8:00 p.m.

Austin > KLRU > Thursday, February 18 at 8:00 p.m.

Corpus Christi > KEDT > Thursday, February 18 at 7:00 p.m.

El Paso > KCOS > Sunday, February 21 at 1:00 p.m.

Killeen > KNCT > will air it in April

Houston > KUHT > Sunday, February 21 at 4:00 p.m.

Lubbock > KTXT > Sunday, February 21 at 1:00 p.m.

Midland/Odessa > KPBT > Thursday, February 18 at 8 p.m.

San Antonio > KLRN > Thursday, Feb. 18 at 8:00 p.m.

Waco > KWBU > Sunday, February 21 at 1:30 p.m.


 

1 Feb 2010

San Antonio Mayor, Julian Castro, Welcomes Attendees to this weekend's Texas Lyceum

via vimeo.com

The Texas Lyceum convenes its first quarterly meeting of 2010 in San Antonio this weekend to tackle the sensitive topic of risks associated with our connected lives.  If you are attending, please make sure to use #TexasLyceumSA for the Twitter hashtag.

Here's San Antonio Mayor, Julian Castro's commentary...

25 Jan 2010

Texas Lyceum's “Our Growing Lives Online: Safe or Not?” - San Antonio Feb 5 / 6 - The Great Debate

via youtube.com

The Texas Lyceum convenes its first quarterly meeting of 2010 in San Antonio to tackle the sensitive topic of risks associated with our connected lives.

The weekend will explore the risks we incur by having much of our information available and potentially vulnerable on the Internet. Be it social media, online banking or buying something on E-bay, hackers are increasingly able to piece together information from disparate sources to put our reputation, finances, and identities at risk.

The centerpiece for the weekend will be the first public debate of the Lyceum’s 2010 “Great Debate” series. The debate, to be televised statewide via public television, will tackle the thorny issue of whether existing laws and technologies adequately protect our data and identities in an online world.

Panelists will represent opposing viewpoints in this debate – hackers and privacy advocates who will argue these protections are inadequate, and security leaders and government leaders who will argue that laws and technologies are closing the gap.

The weekend will include interactive and team activities to help Lyceum Directors better understand how these privacy and security risks affect their day-to-day lives. An intended goal of the weekend will be to raise the level of awareness for Lyceum Directors regarding public policy involving online security and privacy.

The backdrop of the conference will be San Antonio and its growing cyber security industry. Acknowledging that San Antonio is becoming an emerging center of computer security activity, the United States Air Force is currently locating its 24th Air Force Cyber Command at the city’s Lackland AFB.

Click here for the weekend agenda.

Members of the media, industry analysts and bloggers covering security and privacy issues, please contact me - alan at weinkrantz dot com for more information.

21 Jan 2010

Cyber Security @ Texas Lyceum's “Our Growing Lives Online: Safe or Not?” - San Antonio Feb 5 / 6

The Texas Lyceum convenes its first quarterly meeting of 2010 in San Antonio to tackle the sensitive topic of risks associated with our connected lives. If you are a member of the media, a blogger or industry analyst covering security, contact me - alan at weinkrantz dot com for press credentials.

Titled “Our Growing Lives Online: Safe or Not?” the weekend will explore the risks we incur by having much of our information available and potentially vulnerable on the Internet.  Be it social media, online banking, or buying something on E-bay, increasingly hackers are able to piece together information from disparate sources to put our reputation, finances, and identities at risk.
</object>

The centerpiece for the weekend will be the first public debate of the Lyceum’s 2010 “Great Debate” series. 

The debate, to be televised statewide via public television, will tackle the thorny issue of whether existing laws and technologies adequately protect our data and identities in an online world.  Panelists will represent opposing viewpoints in this debate – hackers and privacy advocates who will argue these protections are inadequate, and security leaders and government leaders who will argue that laws and technologies are closing the gap. 

The Great Debate is Friday, February 5th from 4:00 p.m. – 6:00 p.m. at the Charline McCombs Empire Theater. The event is open to the public for $20 and one can register at www.texaslyceum.org.

 

6 Jan 2010

Client, Denim Group, Provides Guidance on Application Security Trends for 2010

Client, Denim Group, an IT consultancy and strong contributor to the larger application security community, has just announced that it foresees shifts in the application security landscape this year. As a trusted advisor to many Fortune 500 and large public sector organizations, the firm has just announced its guidance on the top application security trends for 2010.

eWeek broke the story earlier.  You may view the release on Yahoo Finance here.
19 Nov 2009

Client, Denim Group, Advises Utility Companies to Plan for Security Threats to Smart Grid Technologies - Yahoo! Finance

SAN ANTONIO--(BUSINESS WIRE)--Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risks with their existing software, is advising utility companies of significant security and privacy risks as they transition to smart grid technologies. With advanced meters and smart grid technologies being deployed, Internet attacks, malware, and privacy breaches have become a bigger risk if the appropriate defenses are not engineered into the system from inception. Far-reaching scenarios involving power to homes being shut down were once remote but have now become feasible.

 

“It will be difficult to put the genie back in the bottle when smart grid technologies are deployed,” said John Dickson, Principal of Denim Group. “Advanced meters are Internet-based network computing devices, with many of the inherent security challenges of traditional network security. There are significant security and privacy implications that we hope are being taken into consideration - protecting these systems shouldn’t be an afterthought. While the cost of prevention is low, the cost of remediation can be extraordinary. The principles we’ve learned from designing and building secure systems and software apply to these smart grid technologies as well and should be rigorously followed.”

“Public Utility Commissions have the unique opportunity to determine the security and integrity of the security metering system,” added Ravi Sandhu, Executive Director of The University of Texas at San Antonio’s Institute for Cyber Security. “Historically, the stand-alone, proprietary nature of the mechanical metering system provided a level of security but limited options for expanded utility and flexibility. Networking these systems requires all parties to re-think the security impact on closed networks and their ecosystems. The integrity of the system network must be maintained and the privacy of the consumers’ data must remain confidential.”

Dickson advises utility companies to consider the following key strategies when deploying smart grid technologies. Dickson has also testified at the Texas Public Utilities Commission on public grid policies.

 

  1. Don’t take on blind faith what hardware vendors communicate about the security of their devices. Ask smart grid technologies suppliers rigorous questions about what 3rd party testing they’ve done.
  2. Build an architecture that implements a defense in depth strategy. Avoid classic single point of failure design flaws that create a “crunchy on the outside, chewy on the inside” security model.
  3. Trust, but verify. Conduct rigorous, recurring 3rd party audits. These audits should follow an agreed-upon format, and focus on the smart grid system from the perspective of an attacker. Testing should be driven for purely compliance purposes, and should emphasize technical aspects throughout. Finally, as technology evolves, ensure that auditing evolves with it.
  4. Conduct detailed threat modeling when new functionality is added to the system. Threat models should provide system designers feedback to build more secure systems.
  5. Understand the impact of who can access these systems, such as administrators, auditors, producers, and customers and precisely what access they have. Put technical controls in place to ensure that these different players cannot access each other's private data.

 

Denim Group is currently working with several public and private initiatives to help certain utility companies address, and mitigate vulnerability issues associated with smart grid and other technologies and have performed assessments of numerous public utilities. Service providers are encouraged to implement the recommendations as earlier in the design process as possible to have a great affect on the security of the smart grid.

About Denim Group

Denim Group develops secure software, helps organizations assess and mitigate risk with existing software, and provides training on best practices in software security. Denim Group has worked with a range of Fortune 500 companies and public sector organizations, bringing a focused software development approach to the world of software security. The Company provides clients with secure .NET and Java development services and remediates serious software flaws in existing application portfolios. Denim Group also identifies vulnerabilities and quantifies risks that vulnerable applications represent through assessments, code reviews, and application-focused penetration testing. Training complements Denim Group’s development and testing services by helping organizations build an internal competency in secure software development and testing through a combined classroom instruction and e-Learning approach.

Denim Group is a strong contributor to the larger application security community, and has been involved with the Open Web Application Security Project (OWASP) since shortly after its inception. Additionally, Denim Group was ranked 1101 in Inc. Magazine's 5000 Fastest-Growing Private Companies in America in 2008.

Reader Contact Information:

Denim Group, 3463 Magic Drive, Suite 315; San Antonio, TX 78229, Tel: 210-572-4400, Fax: 210-572-4401, www.denimgroup.com, john@denimgroup.com.

 

 

Contact:

Agency Contact:Alan Weinkrantz, 210-820-3070alan@weinkrantz.comorDenim Group Contact:John Dickson, 210-572-4400john@denimgroup.com
via finance.yahoo.com

 

27 Oct 2009

Journalists, Industry Analysts, Bloggers....need topical experts for Application Security? Follow client, @danielcornell and @johnbdickson / Denim Group

Members of the media, industry analysts, and bloggers - if you need topical expertise on Application Security, Software Security and issues critical to assessing and mitigating risks with their existing software  please reach out to me at alan at weinkrantz dot com.  I'll connect you with client, Denim Group.  

Follow Denim Group Principals - @danielcornell and @johnbdickson on twitter.

Screen_shot_2009-10-25_at_4

graphic done using Wordle.net
mode: space; -webkit-line-break: after-white-space; ">



1 Oct 2009

Client, Denim Group, Featured on Building43 Interview with @scobleizer

via building43.com

Here is client, Denim Group's @danielcornell and @johnbdickson talking about application security and broader security issues at large.

Many thanks to @scobleizer and the whole Rackspace team including @kr8tr and @rjamestaylor for helping to make this happen.

Next

Alan Weinkrantz's Space


I'm Officing At...

I'm Watching...

I'm Reading...

I'm Listening to these VCs

I'm Reading Texas / Israel Tech News..

Contributors

Alan Weinkrantz

Search

Listing John Dickson

Archive

2012 (28)
2011 (307)
2010 (286)
2009 (369)
Obox Design