By Lauren Madrid
It’s been a busy few weeks around here, and Denim Group has been quoted in a few articles recently.
Over at TechTarget, Dan Cornell is participating in the Ask the Expert series, answering questions about security. A recent question dealt with migrating applications or hardware to the cloud. Check out “Migrating legacy applications to a cloud environment” (registration required) to learn what to consider before moving to cloud servers.
Also on TechTarget, Dan is talking about mobile application security and how it’s connected to web services and the cloud.
Organizations are more concerned about application security than ever and have a growing awareness of security concerns. SearchSoftwareQuality.com’s newest expert, Dan Cornell, principal of software consulting company Denim Group, discusses mobile security, what organizations can do to build security requirements into software and security challenges in cloud ALM. He views the most serious concerns with mobile software security as falling into two major areas: 1) how organizations expose their users to risk, and 2) how applications expose the companies themselves to risk.
John Dickson gave his two cents about San Antonio as a cybersecurity hub in Global Corporate Xpansion magazine.
“There's a critical mass of companies and talent here that realistically make it the No. 2 cybersecurity node outside of the D.C. area — certainly on the services side,” says John Dickson, principal, Denim Group Ltd. “We've got the strong foundation of a good business climate and a very reasonable cost of living, but what's interesting is how in the last few years we've stepped up information sharing that didn't used to happen. Today this cross-pollination between the local commercial sector, UTSA and the military is having a big impact, especially on our workforce. We suspect there will be even more companies that will want to relocate or organically grow here.”
John also recently gave a cool webinar on BrightTALK on better logging for security.
Security professionals have years of experience logging and tracking network security events to identify unauthorized or malicious activity on a corporate network. Unfortunately, many of today's attacks are focused on the application layer, where the fidelity of logging for security events is less robust. Most application logs are typically used to see errors and failures and the internal state of the system, not events that might be interesting from a security perspective. Security practitioners are concerned with understanding patterns of user behavior and, in the event of an attack, being able to see an entire user’s session. How are application events different from network events? What type of information should security practitioners ensure software developers log for event analysis? What are the types of technologies that enable application-level logging and analysis? In this presentation, John Dickson will discuss what should be present in application logs to help understand threats and attacks, and better guard against them.