AppSec Blog

Ask the Expert - Chenxi Wang

This is the second in a series of "Ask the Expert" articles where we chat with leaders in the software development and application security space. Our guest is Chenxi Wang, Ph.D., who is Vice President and Principal Analyst at Forrester Research. A leading expert on content security, application security, and vulnerability management, Chenxi leads the …


Ask the Expert - Jeremiah Grossman

This is the first in a series of "Ask the Expert" articles where we chat with leaders in the software and application security space. Our first guest is Jeremiah Grossman who founded WhiteHat Security in August 2001. A world-renowned expert in Web security, Jeremiah is a founder of the Web Application Security Consortium (WASC), and …


Forms Authentication: Remember Me? Its Hard Not Too!

ASP.Net Forms Authentication is a great way to authenticate users for the application. Microsoft has done a really good job at implementing this to make it simple and straightforward for developers. Forms Authentication allows for a user to enter their user name / password combination for an application and have that validated against a backend …


What's the point of application pen testing?

Penetration testing is one of the bulwarks of an application security program: get an expert tester to simulate an attack on your system, and see if they can hack their way in. But how effective is application penetration testing, and what should you expect from it? Gary McGraw in Software Security: Building Security In says …


AppSec at RSA 2012 Conference

I attended the RSA conference last week in San Francisco for the first time, and enjoyed the city. Excellent restaurants like Slanted Door, Canteen, Barbacco and especially Commonwealth, the Wharf, Chinatown, the almost perfect weather. I was surprised at the scale of the conference, the impressive number of IT security professionals who came from everywhere, …