
Whitepaper

Tuesday, March 10, 2009

New Release: Building a Web Application Security Program

By Rich

Adrian and I are proud to release our latest whitepaper: Building a Web Application Security Program.

For those of you who followed along with the blog series, this is a compilation of that content, but it's been updated to reflect all the comments we received, with additional research, and the entire report was professionally edited. We even added a couple pretty pictures!

We're very excited to get this one out, since we haven't really seen anyone else show you how to approach web application security as a comprehensive program, rather than a collection of technologies and one-off projects. One of our main goals was to approach web application security as a business problem, not just an isolated technology issue.

We want to especially thank our sponsors, Core Security Technologies and Imperva. Without them, we couldn't produce free research like this. As with all our papers, the content was developed independently and completely out in the open using our Totally Transparent Research process. In support of that, we also want to thank the individuals who affected the end report through their comments on the Securosis blog: Marcin Wielgoszewski, Andre Gironda, Scott Klebe, Sharon Besser, Mike Andrews, and ds (we only reveal the names they list as public in their comments).

This is version 1.0 of the document, and we will continue to update it (and acknowledge new contributions) over time, so keep coming with the comments if you think we've missed anything or gotten something wrong.

–Rich

Tuesday, August 12, 2008

New Whitepaper: Best Practices For Endpoint DLP

By Rich

We're proud to announce a new whitepaper dedicated to best practices in endpoint DLP. It's a combination of our series of posts on the subject, enhanced with additional material, diagrams, and editing. The title is (no surprise) Best Practices for Endpoint Data Loss Prevention. It was actually complete before Black Hat, but I'm just getting a chance to put it up now.

The paper covers features, best practices for deployment, and example use cases, to give you an idea of how it works.

It's my usual independent content, much of which started here as blog posts. Thanks to Symantec (Vontu) for sponsoring and Chris Pepper for editing.

–Rich

Tuesday, July 15, 2008

Upcoming: Database Encryption Whitepaper

By Adrian Lane

We are going to be working on another paper with SANS, this time on database encryption. This is a technology that offers consumers considerable advantages in meeting security and compliance challenges, and we have been getting customer inquiries on what the available options are. As encryption products have continued to mature over the last few years, we think it is a good time to delve into this subject. If you're on the vendor side and interested in sponsorship, drop us a line. You don't get to influence the content, but we get really good exposure with these SANS papers.

–Adrian Lane

Monday, May 19, 2008

New Whitepaper: Best Practices For DLP Content Discovery

By Rich

One of the most under-appreciated aspects of DLP solutions is content discovery: scanning stored data to identify sensitive content, classify information, and (in some cases) even protect the data. Major DLP tools have long evolved past just scanning network traffic for credit card and Social Security Numbers.

Today I'm releasing a new whitepaper on the topic: DLP Content Discovery: Best Practices for Stored Data Discovery and Protection.

The paper covers features, best practices for deployment, and example use cases to give you an idea of how it works.

It's my usual independent content, much of which started here as blog posts. Thanks to Symantec (Vontu) for sponsoring and Chris Pepper for editing.

–Rich