Georgia SB 315 anti-hacking law dangerously misses the mark of protecting people, making us all less safe

If Georgia SB 315 becomes law, computer security experts will stop reporting vulnerabilities in good faith because doing so could lead to their criminal prosecution under dangerously broad anti-hacking law.

Lay off the marketing plugins. Equifax hit with fake Flash update.

Equifax caught distributing malware. Be careful what you allow to be included in your website to avoid these sorts of hacks.

Automated Patching Will be New Reality

How fast can you update your production web application after an update is released? The answer better be within minutes. Automated testing and deployment is the only way.

Automate Security Scans with Continuous Integration

Learn how to automatically run bundle-audit and brakeman in your CI suite with an example for TravisCI.

Equifax Missed Defense in Depth, Allowing a Massive Data Breach

More than bad patch management, the weakness was Equifax's failure to design with the assumption that the front-end web server would be compromised.

Engine Yard's 17 Rails Security Tips

Troubling ISP Privacy Repeal: The Data Will be Breached

With a green light from Congress & President Trump, your ISP may begin some really creepy business practices that endanger your family's privacy and security.

Americans' Access to Strong Encryption is at Risk, an Open Letter to Congress

The track record of data breaches demonstrates an uncomfortable truth: when sophisticated adversaries want to hack a network, they will ultimately win. With a government mandated encryption backdoor, hackers will make Americans less safe both at home and abroad.

Breach Prevention for Developers Talk at Kennesaw State University

As an information security professional, it’s critical to know something about how custom web applications are developed and the impact that has on application security.

Intro to App Sec Podcast Interview

Frank was the guest on the August 29, 2016, Intro to App Sec Episode of the Advanced Persistent Security podcast. Listen here.