Security Ripcord


TRISC Day 3

Day three was the last day of TRISC. I have to say that I did have a good time and I think that I learned a lot and found some useful tools to examine for my organization’s environment.

The most interesting session of the day was given by Jeremiah Grossman of WhiteHat Security. His talk was titled “The Five Stages of Website Security Grief” and it described how web developers, IT managers, executives, and security professionals feel as they address the security of their web applications. He described web application security by walking through the stages of denial, anger, bargaining, depression, and acceptance. It really made a lot of sense and we have probably all seen this type of behavior in one way or another as we have implemented security within our organizations.

Perhaps the most surprising aspect of the conversation was his praise for ASP.NET applications. Apparently this web application development platform provides developers with tools and functions that automatically apply many of the security measures that web applications need. Of course, casual mistakes and poor implementation are always possible. Using a good development platform does not mean that development testing, ongoing assessment, and penetration testing during an application’s deployment can be ignored or avoided.

Well, that is it from TRISC. I hope that you enjoyed my insight and I hope that if you are in Texas or close by you consider coming next year when TRISC is held in San Antonio. In the next couple of days I will try to talk about some of the interesting vendors I was introduced to while here.

Go forth and do good things,
Cutaway
