Coverage of Sentinel / Snort Integration from Michael Montecillo

By Dan Cornell

Michael Montecillo from the analyst firm Enterprise Management Associates recently put up a blog post discussing the integration between WhiteHat Sentinel and Snort we built.  It was also covered by Dark Reading a while back.

The integration takes the manually-reviewed vulnerability results from Sentinel and generates targeted Snort rules to identify attempts to exploit the identified vulnerabilities.  This is exceptionally helpful for streamlining the IDS/IPS configuration process because you can apply aggressive inspection and protection where you know you are most vulnerable.

Thanks to Michael for the mention.  The integration project was a fun and exciting one and helps to increase the value of both Snort and Sentinel.  Folks who saw my OWASP AppSec DC 2009 presentation on Vulnerability Management in an Application Security World know that we have some more things to be released shortly that continue this trend of making disparate application security technologies work together more effectively.

Please contact us if you would like more information about WhiteHat Sentinel as well as integrating assessment results with IDS/IPS and WAF systems.

--Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from Denim Group's Posterous

Denim Group Recommendations for Smart Grid Security

By Dan Cornell

Today we released some recommendations for utility companies who are looking to adopt advanced metering and smart grid technologies.  These recommendations are intended to help them address potential security weaknesses and vulnerabilities early in the system design, development and deployment process.  With the increasing focus on the potential of smart grids and the funding being used to promote them it is critical that utility firms consider security throughout the lifecycle or they risk putting critical infrastructure at risk as well as incurring huge costs for retrofitting and remediation.

See the press release online: Denim Group Advises Utility Companies to Plan for Security Threats to Smart Grid Technologies

Contact us for more information about how to address security risks associated with advanced metering and smart grids.

--Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from Denim Group's Posterous

New OWASP Board Members Announced

By Dan Cornell

The results of the recent OWASP Board Member election are in.  Congratulations to Matt Tesauro and Eoin Keary!

More details are available on the OWASP Wiki:

http://www.owasp.org/index.php/Board_member

--Dan

dan _at _denimgroup.com

@danielcornell

Posted via email from Denim Group's Posterous

OWASP Vulnerability Management in an Application Security World Slide Deck Online

By Dan Cornell

My slide deck from OWASP AppSecDC on Vulnerability Management in an Application Security World is now online.

You can get it from the Denim Group website: Vulnerability Management in an Application Security World.

It is also available on SlideShare:

Vulnerability Management In An Application Security World: AppSecDC

View more documents from Denim Group.

Contact us if you are interested in more information about how to manage and remediate application level vulnerabilities.

--Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from Denim Group's Posterous

John Dickson's Permanent Campaign Slide Deck from Denver ISSA Online

By Dan Cornell

John Dickson’s slide deck from his Denver ISSA presentation is now online.  You can get it from the Denim Group resources web page: The Permanent Campaign.

It is also online at SlideShare:

The Permanent Campaign

View more documents from Denim Group.

Contact us if you would like more information about creating secure software development lifecycles (SDLCs).

--Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from Denim Group's Posterous

Webinar Resources Online: Jump Start You Application Security Knowledge

By Dan Cornell

The content from Jeremiah Grossman and John Dickson’s most recent webinar is now online.

Title: How to Jump-Start Your Application Security Knowledge: For the Network Security Guy Who Knows Nothing about Application Security

PDF slide deck is available online: How to Jump-Start Your Application Security Knowledge

And the slides are up in SlideShare:

The webinar recording is also available online: https://whitehatsec.market2lead.com/go/whitehatsec/webinar_jumpstart1009

Contact us if you would like more information about application security resources for security professionals.

--Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from Denim Group's Posterous

Security Centers of Excellence

By Dan Cornell

Michael Montecillo had a great blog post tracing the history of many of today’s security companies.  He looks at some key organizations that spawned many of today’s leading security firms.  In the post, he traces two of the organizations that have John Dickson as an alumni: the United States Air Force Computer Emergency Response Team (AFCERT) and Trident Data Systems.  Thanks for the mention, Michael!

--Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from Denim Group's Posterous

Denim Group at OWASP AppSec 2009 in Washington DC

By Dan Cornell

Next week is going to be a busy one for Denim Group folks.

I will be at the OWASP Summit 2009 representing the OWASP San Antonio Chapter, OWASP Open Review Project as well as the OWASP Global Membership Committee.

Then we roll into OWASP AppSec DC where I will be joined by John Dickson and Lee Carsten.  Denim Group is sponsoring the morning coffee break on Thursday, and then I will be speaking later that day.  First I will be giving a talk on Vulnerability Management in an Application Security World and then I will be participating in the SDLC Panel.  You can also come visit us at our booth.

Like I said – busy week.  There is still time to register.  The OWASP AppSec conferences tend to be some of the least expensive, highest-value conference out there and this one is shaping up to be more of the same.

If you are going to be in town email John or I or catch up with us on Twitter: @danielcornell and @johnbdickson

--Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from Denim Group's Posterous

John Dickson Quoted in New York Times Article on Cybersecurity

By Dan Cornell

Denim Group’s John Dickson was quoted in a New York Times article San Antonio Built Community Coalition to Land Cyberwarfare Headquarters by Thom Shanker.  He talked about the San Antonio business community’s role in attracting the 24^th Air Force headquarters.  We’re thrilled to have the 24^th based here in town and we look forward to our large information security community working with them to support their mission.

--Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from Denim Group's Posterous

John Dickson Speaking at Denver ISSA

By Dan Cornell

John Dickson will be speaking at the Denver ISSA meeting this Wednesday (October 21^st, 2009).

Topic: The Permanent Campaign: Driving a Secure Software Initiative in the Enterprise

This presentation focuses on how security officers or development leaders can apply a disciplined approach to building internal consensus to build secure software. A five-step process will be laid out that will enable a manager to characterize the landscape, secure management buy-in, baseline the existing risks, set modest goals and attempt to achieve them, and sustain the initiative. Emphasis will be on actionable steps that successful managers have used to drive the adoption of secure software strategies in large organizations.

Date/Time: Wed. Oct 21st 2009 / 11:30 - 1:30  (NOTE: 3rd Wed. of the month)

Site: Republic Plaza, 370 17th Street, Denver, CO (Downtown Denver)

http://www.issa-denver.org/

--Dan

dan _at_ denimgroup.com

@danielcornell

Posted via email from denimgroup's posterous