With Security, sometimes Sacrifices need to be made.


Static Code Analysis for the Enterprise

Tonight I gave a presentation to the local chapter of ISSA concerning Static Code Analysis (SCA) in an Enterprise environment.  The Static Code Analysis for the Enterprise presentation is not about how to technically perform SCA but rather what considerations need to be met in order to successfully accomplish building and maintaining a SCA program in […]

High Volume Automated Testing in Security Testing

Yesterday I gave a presentation at the Workshop on Teaching Software Testing 2013 focusing on High Volume Automated Testing.  The goal was to introduce some of the test techniques (and terminology) which are used in security testing to the practitioners and educators involved in software testing.  The following was cross posted on the WTST website. […]

Spacecoast ISSA Meeting Presentation on SQLi

Earlier this month I provided a presentation on SQL Injection to the Spacecoast chapter of ISSA.  The slides are SQL Injection (SQLi) v2 and the corresponding MindMap is SQLi MindMap. It covers the definitions/types of SQLi, the source of SQLi, evasion techniques, manual test techniques, and computer-assisted testing (e.g. sqlmap); lastly, the presentation covers […]