LogoSquare

Denim Group Website

About

My Photo
Powered by TypePad
Subscribe to this blog's feed

Recent Posts

Categories

Archives

Add me to your TypePad People list


Programming Blogs - Blog Catalog Blog Directory

Denim Group

February 22, 2013

Search Software Quality: Data Security in a SaaS World

By Dan Cornell

Search_software_quality_logo

Search Software Quality published another of my answers to reader questions:

As a security administrator, I am concerned abou the security of my company's data as it moves between two vendors' SaaS applications. Am I wrong to think that there's a weak link there? What steps can I take to test, monitor and strengthen security when data is en route?

You can see my full answer online where I talk about the importance of understanding how your data is going to be handled and negotiating appropriate legal controls before you start to load sensitive data into SaaS applications (sorry - registration required). For those looking for a quick preview, I talk about:

  • Understanding the SaaS provider's data handling procedures as well as the procedures of any partners who will also have access to sensitive data
  • Shaping your use of the SaaS platform to turn off features that could result in data being communicated to additional parties
  • Maintaining the right to test the security of the SaaS applications on a periodic basis.

SaaS applications can provide great benefits, but you have to understand what data they are going to be allowed to manage and what assurances the provider can give that this will be done correctly. And the time to negotiate these points is before contracts are signed and the provider already has access to your data.

Contact us for help making sure the SaaS applications you rely on treat your data right.

--Dan

dan _at_ denimgroup.com

@danielcornell

February 22, 2013 in Cloud, Dan Cornell, Denim Group, Information Security, Web 2.0, Web Application Security, Web/Tech | | Comments (0) | TrackBack (0)

February 20, 2013

Search Software Quality: Expanding Cloud-Based Technologies - Application Performance Issues

By Dan Cornell

Search_software_quality_logo

Search Software Quality published another of my answers to reader questions:

The cloud changes the application performance management picture, depending on how much or how little data is managed through cloud services. What are the implications of the broadening use of the cloud on application performance issues?

You can see my full answer online where I talk about the different concerns you should look into for Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) application components (sorry - registration required). For those looking for a quick preview, I lay out situations where you should (hopefully) be able to rely on your vendors to meet performance goals - backed up by your SLA, of course - as well as situations where you have to focus on crafting an infrastructure setup to meet your performance goals yourself. I also briefly look at current performance management tools and situations where you might need to roll some of your own solutions to gather the data you will need..

Contact us for help building mobile, web and cloud application with critical security and performance requirements.

--Dan

dan _at_ denimgroup.com

@danielcornell

February 20, 2013 in Cloud, Dan Cornell, Denim Group, Performance Testing, Web 2.0, Web/Tech | | Comments (0) | TrackBack (0)

February 18, 2013

Search Software Quality: Requirements Management Process - Security and Application Performance

By Dan Cornell

Search_software_quality_logo

Search Software Quality published another of my answers to reader questions:

Why is it important for organizations to include security and application performance considerations in the requirements management process, and how can they most effectively do this?

You can see my full answer online where I talk about the importance of capturing these critical requirements early to save time and money later on (sorry - registration required). For those looking for a quick preview, I talk about the cost savings associated with laying out these important classes of requirements early. The focus is on coming to an understanding and making this understanding explicit so that all interested parties can agree up front on the requirements and tradeoffs that must be made in order to meet them.

Contact us for help building mobile, web and cloud application with critical security and performance requirements.

--Dan

dan _at_ denimgroup.com

@danielcornell

February 18, 2013 in Cloud, Dan Cornell, Denim Group, Information Security, Performance Testing, Remediation, Security, Software Security Remediation, Threat Modeling, Web 2.0, Web Application Security, Web/Tech | | Comments (0) | TrackBack (0)

February 13, 2013

Search Software Quality: Understanding Mobile, Web and Cloud Apps and System Architecture

By Dan Cornell

Search_software_quality_logo

Search Software Quality published another of my answers to reader questions:

Can you explain the differences between mobile apps, cloud apps and web apps?

You can see my full answer online where I talk about the importance of understanding how these apps often work together (sorry - registration required). For those looking for a quick preview, I try to move beyond the obvious "mobile apps run on mobile devices" answer and look into the complexity of many modern applications - how they combine aspects of mobile, web and cloud to produce the ultimate user experience. The end result is that system designers - and system testers - need to understand the overall application architecture if they want to have better insight into what parts of their apps are mobile, web-based or cloudy.

Contact us for help building mobile, web and cloud applications.

--Dan

dan _at_ denimgroup.com

@danielcornell

February 13, 2013 in AJAX, Cloud, Dan Cornell, Denim Group, Information Security, Mobile, Security, Threat Modeling, Web 2.0, Web Application Security, Web/Tech | | Comments (0) | TrackBack (0)

January 11, 2013

Search Software Quality: Migrating Legacy Apps to the Cloud

By Dan Cornell

Search_software_quality_logo

Search Software Quality published another of my answers to reader questions:

What does it take to migrate current applications running on in-house hardware to run instead on the cloud?

You can see my full answer online where I talk about some of the key steps involved in the process of moving applications from their legacy hardware into cloud environments (sorry - registration required). For a quick preview, I talk about the need to understand the performance characteristics of applications, have a target architecture and to do extensive testing before the rollover is considered complete. Moving legacy applications off old hardware and into cloud environments can provide a number of benefits, but these projects have to be managed correctly or you run the risk of service disruption and worse.

Contact us for help modernizing the legacy applications in your application portfolio.

--Dan

dan _at_ denimgroup.com

@danielcornell

January 11, 2013 in Application Security Remediation, Cloud, Dan Cornell, Denim Group, Performance Testing, Remediation, Software Security Remediation, Web/Tech | | Comments (0) | TrackBack (0)

January 10, 2013

Search Software Quality: Factors to Consider Developing Apps for SaaS Platforms

By Dan Cornell

Search_software_quality_logo

Search Software Quality published another of my answers to reader questions:

What differences do developers need to take into account when developing applications on SaaS platforms?

You can see my full answer online where I talk about developing applications on SaaS platforms (sorry - registration required). For those looking for a quick preview, I talk about the need to consider multi-tenancy, scalability and robustness, configurability and connectability. SaaS applications are going to continue to become increasingly important, and if you want to be successful building these applications you want to be sure to start out addressing the right concerns.

Contact us for help developing SaaS applications.

--Dan

dan _at_ denimgroup.com

@danielcornell

January 10, 2013 in Cloud, Dan Cornell, Denim Group, Web 2.0, Web/Tech | | Comments (0) | TrackBack (0)

November 16, 2011

Webinar: The Self-Healing Cloud

 

By Dan Cornell

Tomorrow I'll be giving a free webinar called "The Self-Healing Cloud." I'll be discussing automated virtual patching and how it can be successfully employed.

You can sign up for the webinar below. If you're interested in the topic but can't attend the webinar, sign up to receive information after the webinar.

 

Thursday, November 17, 11am (CST)
The Self-Healing Cloud: Protecting Applications and Infrastructure with Automated Virtual Patching
Presented by Dan Cornell

Organizations sometimes deploy applications on their infrastructure without thorough security testing, putting the applications and the infrastructure they are deployed on at risk of exploitation. Application-level vulnerabilities often require coding changes to be fully addressed. Virtual patching is a technique where targeted rules are created for web application firewalls or other IDS/IPS technologies to help mitigate specific known application vulnerabilities. Attendees will learn how to create virtual patches and the nuances of using virtual patches.

 Register Now Button

Contact us for if you are interested in talking more about virtual patching.

--Dan

dan _at_ denimgroup.com

@danielcornell

November 16, 2011 in Cloud | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , ,

September 27, 2011

The Self Healing Cloud: Slides Online

By Dan Cornell

I gave a presentation at OWASP AppSecUS this year in Minneapolis on some work we’ve been doing on automated virtual patching called “The Self Healing Cloud: Protecting Applications and Infrastructure with Automated Virtual Patching” This builds on work we have done on virtual patching in the past and I’m excited that we can finally release some real-world data on how different scanners and protection technologies perform.

Video should be available soon, and the slides are online here:

The Self Healing Cloud: Protecting Applications and Infrastructure with Automated Virtual Patching
View more presentations from Denim Group

Virtual patching is an exciting use case for IDS/IPS and WAF technologies. As we’ve noted before, web application vulnerabilities have a tendency to live much longer than they should. Application code changes take time so virtual patching is a great way to give development teams some “air cover” so they can get their work done while the organization still enjoys a measure of protection.

Contact us for more information about integrating virtual patching into your application security remediation strategy.

--Dan

dan _at_ denimgroup.com

@danielcornell

September 27, 2011 in Cloud, OWASP | | Comments (0) | TrackBack (0)

Technorati Tags: , , , , , , , ,