Tuesday, June 24, 2008

A few cool mentions in the press via HP

HP put out some pretty cool announcements over the last few weeks. HP is offering the Application Security Center suite of products in a SaaS model, which is new. I was quoted in a few articles; if you are interested in reading more, here is the link:

 

http://www.computing.co.uk/itweek/news/2217703/hp-offers-security-service

 

I think this just shows that HP has an ongoing commitment to application security, which I expect will only grow. Given that the industry now agrees that security needs to be an integral part of the SDLC, this is a very logical direction for HP to continue to move in.

Testing & Finance conference - AJAX/SOA/Web 2.0

2 June 2008: I had the pleasure of speaking at the Testing & Finance conference in Frankfurt, Germany back on the 2nd of June. It was a very good crowd, and it was nice to see that application security was getting attention from the finance industry, and not just the security guys in the finance industry but the business leaders as well. I gave a talk on AJAX/SOA/Web 2.0 security, for which I have to thank Billy Hoffman for the majority of the content.

 

If you would like a copy of the slides, they are available here:

http://www.lifecyclesecurity.com/files/Testing_Finance_2_June_2008.pdf

Ruby flaws send security researchers into shock

The Register is reporting that a fairly major security issue was found in Ruby, the open source programming language, "which forms the foundation of Ruby on Rails".

http://www.theregister.co.uk/2008/06/23/group_patches_ruby/

 

The vulnerability was originally found by Drew Yao of Apple Product Security, according to The Register.

 

IMHO this only goes to demonstrate that we need to be vigilant in verifying the security of any system we use to build our business on. Both open source and commercial software packages can have issues. To quote the old Russian saying, "trust but verify".