[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] some answered questions

From: "Schmidt, Albert E" <AES@xxxxxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] some answered questions
Date: Fri, 19 Jan 2007 15:17:42 -0500

I am fortunate, I do not have to sell my services to the agencies I
audit (they get them rather they like them or not).  

I can understand the dilemma in trying to get a company to buy a web
application security review.  Companies may not understand the risks
associated with web application; however, they do understand money.  To
sell your services you will need to show a company the losses suffered
from other companies that have not secured their web applications.  The
problem will for small companies, whose profits might demise if they
implement a secure web site.


-----Original Message-----
From: Jeremiah Grossman [mailto:jeremiah@xxxxxxxxxxxxxxx] 
Sent: Friday, January 19, 2007 2:25 PM
To: Web Security
Subject: [WEB SECURITY] some answered questions

Every once in a while I come across some really good webappsec  
material that people might have missed. Sylvan von Stuppe published a  
pair of excellent posts asking some important questions while  
offering compelling insights. I've been wanting to answer a few of  
them, but have found it challenging to do so without pondering for  
days/weeks. And then I have no idea if any answer supplied is vaguely  
on the mark.

Anyway, here ya go...

A Rude Awakening
http://sylvanvonstuppe.blogspot.com/2007/01/rude-awakening.html

Making Security Rewarding
http://sylvanvonstuppe.blogspot.com/2006/12/making-security- 
rewarding.html


Regards,

Jeremiah Grossman
Chief Technology Officer
WhiteHat Security, Inc.
http://www.whitehatsec.com/



------------------------------------------------------------------------
----
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

References:
- [WEB SECURITY] some answered questions
  - From: Jeremiah Grossman

Prev by Date: [WEB SECURITY] some answered questions
Next by Date: [WEB SECURITY] Crawling Ajax-driven Web 2.0 Applications
Previous by thread: [WEB SECURITY] some answered questions
Next by thread: RE: [WEB SECURITY] some answered questions
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site