Recently, I’ve been doing a fair amount of work in the SOA area. It’s funny how many folks want to expose ancient code directly to untrusted third parties. All is not well in the SOA space, and it’s important to understand the risk of web service enabling calls to “trusted” systems. That code is generally…
Category: OWASP
Ajax Security Presentation up
Here’s the quick and dirty preview of the new Ajax chapter of the Guide 2.1. It’s also some of the first real guidance anywhere on Ajax security – period. It was interesting to find so many apps adopting Ajax, but so little information on how to secure it. Ajax Security Presentation (PDF, 1.8 MB) If…
PHP Security Architecture: SABSA approach
There are only a few acknowledged industry security architectures. SABSA (best documented in Enterprise Security Architecture by Sherwood, Clark and Lynas) is probably the best known. The various artifacts from this architecture include: Each of these layers needs to be thought about in a considered way: (Business) Drivers Why do you want X / How…
PHP Security Architecture – Contextual Overview
Overview
The problem with PHP is that it has no security architecture. What do I mean by security architecture? A single pervasive vision for security, which will last for approximately five years with little or no design maintenance. A robust security architecture creates a balance between functionality and risk, and ensures that by default, simple…
Working on OWASP
Have the June 27 deadline to meet. It’s coming along nicely, and so is my procrastination 🙂 BlackHat still hasn’t contacted me about travel and I’m starting to get worried about that. It’s tricky to get tickets at discount rates during peak travel times, and their tardiness is not my problem. Andrew
The Guide continues
Met Dan and Ange, Jason and Michelle, and Dennis and his partner, and Margaret for breakfast in Williamstown today. Tried a new place, which is literally next door to my favorite breakfast haunt. It’s freaky to try something new after four or so years of the old, particularly freaky as the new place is right…