Last 50 'Interviews' Tagged Posts

A reminder that what you say at events may show up in unexpected places (like the news)

Last week I was fortunate enough to be invited to a Yahoo event discussing bug bounty programs where all the organizers of these bounties were discussing their experiences. I attended this conference because years earlier I was involved in creating PayPal's bug bounty program and wanted to ask a panel of people...

Flash Worm - SANS Analysis

SANS has a write-up about a recent Flash worm. "A few days ago a lot of media wrote about a Flash worm. I managed to get hold of samples and analyzed it (thanks to Peter Kruse of CSIS for the samples). First of all, while the exploit code contains Flash, it is...

PayPal Software Security Podcast

Gary McGraw posted the following to the secure coding mailing list today. "Episode 6 of the Reality Check security podcast features our own Andy Steingruebl chatting with me about PayPal's software security initiative. This was a fun episode for me, because though I have known Andy for a while I had little...

OWASP interviews Gary McGraw

Gary posted the following to the SC-L list today. "hi sc-l, OWASP just posted an interview with me as part of their budding podcast series. It's nice to have the tables turned after doing all the Silver Bullet (and Reality Check) interviews! It's also nice to be able to answer some of...

Interview: Robert Seacord on the CERT C Secure Coding Standard

"Robert C. Seacord and David Chisnall discuss the CERT C Secure Coding standard, developing C standards, and the future of the language and its offshoots. I recently had the opportunity to interview Robert Seacord, author of the recently-published The CERT C Secure Coding Standard. Robert has been deeply involved with C and...

CGISecurity Interview: Jeremiah Grossman provides more details on clickjacking attack

UPDATE: There is a discussion on The Web Security Mailing List discussing possible solutions. Little information has been provided on ClickJacking, so I decided to go digging a little bit and talk to the source to find out some additional information. Here's my interview with Jeremiah Grossman on Friday, October 3rd. How...

Cloudsecurity.org Interviews Guido van Rossum: Google App Engine, Python and Security

"In this interview, cloudsecurity.org talks to Guido van Rossum about Python, Google App Engine and security. Guido is the creator of the Python programming language and more recently, Google App Engine team member. His involvement with the App Engine project was pretty late - the code "was almost ready for release" when...

SecurityFocus interview with Mozilla security team

"Mozilla released its latest browser, Firefox 3.0, this week. SecurityFocus contributor Federico Biancuzzi tracked down two key members of Mozilla's security team, Window Snyder and Johnathan Nightingale, to learn more about the security features included in this major release. They discussed the protection against phishing and the new malware protection, the new...

Meet the hacker Fyodor, creator of Nmap

There is a short interview at TechTarget with Fyodor, the creator of Nmap. Interview Link: http://searchsecurity.techtarget.com.au/topics/article.asp?DocID=1288741

Interview with MPack Developer @ SecurityFocus

SecurityFocus has interviewed one of the developers of the MPack kit. "In June 2006, three Russian programmers started testing a collection of PHP scripts and exploit code to automate the compromise of computers that visit malicious Web sites. "A year later, the MPack kit has become an increasingly popular tool, allowing data...

Interview with Rain Forest Puppy

An interview with Rain.Forest.Puppy has just been released. RFP is one of the original people speaking about appsec vulnerabilities. If you're into appsec, it is well worth the read. Interview Link: http://www.ush.it/2007/05/01/interview-with-rain-forest-puppy/

Reflections on people within the application security industry

Anurag Agarwal has been writing up reflections on people within the application security industry. In case you're wondering who is involved at the product, services, and research levels, check out his site. Reflection on Robert Auger (me); Reflection on Amit Klein; Reflection on Jeremiah Grossman; Reflection on Shreeraj Shah; Reflection on Ivan...

PHP Security From The Inside: An interview with Stefan Esser

"Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache...

CGISecurity Interview with Sullo the Author of Nikto

Nikto is a very popular open source web application security scanner. I emailed the author, Chris Sullo, asking him about some of his plans, views, and other tool-related questions. How long has Nikto been in development and how many people are actively working on it? Although I've had patches and updates...

CGISecurity Interview: Interviewing Ivan Ristic the Author of ModSecurity

After the announcement that ModSecurity was purchased by Breach Security, I decided to email Ivan and ask him a few questions that many of us are wondering about regarding the future of ModSecurity. How will the sale of ModSecurity to Breach affect existing users? "There are going to be many positive changes resulting...