I’ve been busy in the world of Web security testing – both with work and with writing. Check out these new pieces on the subject. I suspect I’ll tick off a “researcher” or two given my business angle and 80/20 Rule-approach of focusing on the most problematic areas of Web security…Still, I hope that these are beneficial to you and what you’re trying to accomplish in your organization:
Key Web application security metrics
Taking politics out of the Web security equation
Getting back to basics with Web security
Core causes of Web security risks and what you can do about them
Security Considerations When Using AWS Cloud Services
The Big Security Oversight When Using Amazon Web Services
By the way, with the continued banter/debate around vulnerability assessments v. audits. v. pen tests, here’s my two cents on the subject:
Is it a pen test, an audit, or a vulnerability assessment?
Don’t forget to check out all of my other information security content at www.principlelogic.com/resources