Automated Patching Will be New Reality
How fast can you update your production web application after an update is released? The answer better be within minutes. Automated testing and deployment is the only way.
Automate Security Scans with Continuous Integration
Learn how to automatically run bundle-audit and brakeman in your CI suite with an example for TravisCI.
Equifax Missed Defense in Depth, Allowing a Massive Data Breach
More than bad patch management, the weakness was Equifax's failure to design with the assumption that the front-end web server would be compromised.
Troubling ISP Privacy Repeal: The Data Will be Breached
With a green light from Congress & President Trump, your ISP may begin some really creepy business practices that endanger your family's privacy and security.
Americans' Access to Strong Encryption is at Risk, an Open Letter to Congress
The track record of data breaches demonstrates an uncomfortable truth: when sophisticated adversaries want to hack a network, they will ultimately win. With a government mandated encryption backdoor, hackers will make Americans less safe both at home and abroad.
Breach Prevention for Developers Talk at Kennesaw State University
As an information security professional, it’s critical to know something about how custom web applications are developed and the impact that has on application security.
Intro to App Sec Podcast Interview
Frank was the guest on the August 29, 2016, Intro to App Sec Episode of the Advanced Persistent Security podcast. Listen here.
The MongoDB hack and the importance of secure defaults
If you have a MongoDB installation, now would be the time to verify that it is secure. Tim Kadlec has written a must read post.