LogoSquare

Denim Group Website

About

My Photo
Powered by TypePad
Subscribe to this blog's feed

Recent Posts

Categories

Archives

Add me to your TypePad People list


Programming Blogs - Blog Catalog Blog Directory

Denim Group

March 10, 2013

RSA 2013 Video: What's Ailing Enterprise Software Security Management?

By Dan Cornell 

I caught up with Jan Stafford from TechTarget while in San Francisco for RSA 2013 about a week and a half ago. One of the things we talked about were challenges enterprises are facing getting their software security programs firing on all cylinders. You can see the write-up here and the video online here:

RSA_JanStaffordVideo

Apparently people weren't joking when they told me I needed a haircut before I left for RSA...

The article also has a great point from John Dickson, which is that rolling out software security programs in any large enterprise involves a large internal selling component to get development groups on-board with what security teams need from them. Check it out.

Contact us for help getting your software security program on the right track.

--Dan

dan _at_ denimgroup.com

@danielcornell

Related articles
ThreadFix 1.1 Release Candidate Now Available
Search Software Quality: Data Security in a SaaS World
RSA 2013 Video: What's Ailing Enterprise Software Security Management?
Denim Group at BSides Austin 2013: Building Secure Mobile Apps and Software Security Implementation Patterns

March 10, 2013 in Application Security Remediation, Conferences, Dan Cornell, Denim Group, Dynamic Analysis, Information Security, John Dickson, Pro Services Life, Remediation, Scanners, Security, Software Security Remediation, Speaking Events, Static Analysis, ThreadFix Application Vulnerability Management, Web Application Security, Web/Tech | | Comments (0) | TrackBack (0)

January 30, 2013

OWASP Phoenix: Using ThreadFix to Manage Application Vulnerabilities

By Dan Cornell

Owasplogo

I'll be in Phoenix next week on Tuesday February 5th, 2013 speaking to the Phoenix OWASP chapter about ThreadFix.

Title: Using ThreadFix to Manage Application Vulnerabilities

Abstract:

ThreadFix is an open source software vulnerability aggregation and management system that reduces the time it takes to fix software vulnerabilities. It imports the results from dynamic, static and manual testing to provide a centralized view of software security defects across development teams and applications. The system allows organizations to correlate testing results and streamline software remediation efforts by simplifying feeds to software issue trackers. This presentation will walk through the major functionality in ThreadFix and describe several common use cases such as merging the results of multiple open source and commercial scanning tools and services. It will also demonstrate how ThreadFix can be used to track the results of scanning over time and gauge the effectiveness of different scanning techniques and technologies. Finally it will provide examples of how tracking assurance activities across an organization’s application portfolio can help the organization optimize remediation activities to best address risks associated with vulnerable software.

The meeting will be held from 6:30 - 7:30pm at the University of Advancing Technology 2625 W. BASELINE RD. TEMPE, AZ 85283-1056. For more information, check out the main OWASP Phoenix site.

Contact us for help running your software security program on ThreadFix.

--Dan

dan _at_ denimgroup.com

@danielcornell

January 30, 2013 in Application Security Remediation, Application Security Tools, Blogs, Dan Cornell, Denim Group, Dynamic Analysis, Information Security, Open Source, OWASP, Pro Services Life, Remediation, Scanners, Security, Software Security Remediation, Speaking Events, Static Analysis, ThreadFix Application Vulnerability Management, Watchfire, Web 2.0, Web Application Security, Web/Tech | | Comments (0) | TrackBack (0)

October 13, 2009

Denim Group: Inc 5000 Two Years in a Row

By Dan Cornell

This was mentioned a while back, but Denim Group made the Inc 5000 list of fastest-growing privately-held companies in America for the second year in a row.

The press release is here:

·         Denim Group Named to Inc. Magazine 5000 List of Fastest Growing Companies For 2nd Year in a Row

You can also check out our online Inc 5000 profile.

Many thanks to all Denim Group’s customers for allowing us to serve them.  Also thanks to Denim Group’s great employees – we couldn’t do it without you.

--Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from denimgroup's posterous

October 13, 2009 in Denim Group, Pro Services Life | | Comments (0) | TrackBack (0)

September 02, 2009

Work Hard, Play Hard, and e-Learn

We have our share of characters here at Denim Group – brilliant folks who like to work hard and play hard.  Lately we have been putting a lot of work into the upcoming quarterly update of our ThreadStrong application security e-Learning product.  This is a pretty major revision with audio, demonstrations and interactive exercises.  I got a kick out of this email exchange and thought I would post it online.

-----Original Message-----

From: Michael

Sent: ...

To: ...

Subject: e-Learning - Meeting notes - storyboard planning

 

> All:

>

> Here is what we came up with during our storyboard meeting:

>

> -New order for the sections will be:

> 1. Breaches

> 2. Attack demonstration

> 3. What/Why

> 4. SQL injection

> 5. HTTP Basics

> 6. XSS

> 7. Quiz

>

I believe that covers it. I took this picture from the meeting.

-----Original Message-----

From: Bryan

Sent: ...

To: ...

Subject: e-Learning - Meeting notes - storyboard planning

Wow, you know, I'd noticed during today's meeting that we had a lot more productive and intelligent discussion. I was looking back at notes from the last meeting and I think I figured out what our problem was.

Like I said – a real cast of characters.

--Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from denimgroup's posterous

September 02, 2009 in Dan Cornell, Denim Group, Information Security, Pro Services Life, Security, Training, Web Application Security, Web/Tech | | Comments (0) | TrackBack (0)

September 01, 2009

Java User Group San Antonio meeting 6:00 Sep 3, 2009 at New Horizons

http://groups.google.com/group/satjug/web/jug-poster.pdf

The inaugural meeting of the Java Users Group of San Antonio will be Wednesday September 3rd, 2009 at New Horizons at 6:00pm. The presentation will be "Programming in Scala"

Posted via email from denimgroup's posterous

September 01, 2009 in Dan Cornell, Denim Group, Java, Java Users Group, Pro Services Life, Web/Tech | | Comments (0) | TrackBack (0)

August 24, 2009

Social Networking Security Slide Deck Online

By Dan Cornell

John Dickson gave a presentation on the security implications of social networking to a group of CSOs last week.  The slide deck is now online at SlideShare:

Social Networks and Security: What Your Teenager Likely Won't Tell You
View more documents from Denim Group.

John's main point is that CSOs need to approach social networking as a business issue rather than a security issue if they want to maximize their ability to influence policy and implementation.

--Dan
dan _at_ denimgroup.com
@danielcornell

August 24, 2009 in Current Affairs, Dan Cornell, Denim Group, Information Security, John Dickson, Pro Services Life, Security, SoCIAl Networking, Speaking Events, Web 2.0, Web Application Security, Web/Tech | | Comments (0) | TrackBack (0)

August 19, 2009

Denim Group and Fortify Press Release

By Dan Cornell

We released a press release today about our use of Fortify's tools on our software development projects.  John has a video describing the release here:

Press release is here.
Business Journal coverage is here.

--Dan
dan _at_ denimgroup.com
@danielcornell

August 19, 2009 in Application Security Tools, Dan Cornell, Denim Group, Fortify, Information Security, John Dickson, Pro Services Life, Security, Static Analysis, Web Application Security, Web/Tech | | Comments (0) | TrackBack (0)

August 12, 2009

John Dickson's Reflections on BlackHat

By Dan Cornell

Check out this YouTube video for reflections from John Dickson on BlackHat 2009.

And don't forget to follow John on Twitter: @johnbdickson

--Dan
dan _at_ denimgroup.com
@danielcornell

August 12, 2009 in Conferences, Dan Cornell, Denim Group, Information Security, John Dickson, Pro Services Life, Security, Web Application Security, Web/Tech | | Comments (0) | TrackBack (0)

July 27, 2009

John Dickson and Sheridan Chambers at BlackHat

By Dan Cornell

John Dickson and Sheridan Chambers will be out at BlackHat this week. Follow John on Twitter @johnbdickson  Here is a video regarding some of John's plans at BlackHat:



--Dan
dan _at_ denimgroup.com
@danielcornell

July 27, 2009 in Conferences, Denim Group, Information Security, John Dickson, Pro Services Life, Security, Sheridan Chambers, Web Application Security, Web/Tech | | Comments (0) | TrackBack (0)

June 24, 2009

Denim Group Teams with Rackspace Hosting

By Dan Cornell

I'm thrilled to announce Denim Group working with Rackspace Hosting (NYSE: RAX) customers to help them secure their applications via conducting code reviews, delivering secure software development training, and evaluating software development strategies for Rackspace clients.  We've known folks at Rackspace for years and had the opportunity to work with them in a variety of capacities so this is pretty exciting for us: BusinessWire release: Denim Group Teams with Rackspace Hosting

Whether you're hosting your applications in "the cloud" or on good old-fashioned servers, they're still targets for attack.  We're glad to have the opportunity to work with Rackspace and their clients to help reduce their risks.

John put together a brief video about the release:

This has also been picked up by a bunch of other folks:

--Dan
dan _at_ denimgroup.com
Twitter: @danielcornell

June 24, 2009 in Application Security Tools, Dan Cornell, Denim Group, Dynamic Analysis, Information Security, John Dickson, Pro Services Life, Security, Static Analysis, Threat Modeling, Training, Web 2.0, Web Application Security, Web/Tech | | Comments (1) | TrackBack (0)

Next »