Phishing: Electronic Social Engineering

Was Ronald Reagan thinking about Phishing when he uttered one of the most famous sayings in history … read more


(ISC)2 Launches New Software Security Certification – CSSLP

(ISC)2 announced the release of a brand new certification, entitled the Certified Secure Software Lifecycle Professional (CSSLP), to address educating and certifying people on various aspects of software security.

Covering topics from Secure Software Concepts to Secure Deployment and Operations, weaving through Requirements, Design, Development, Testing and Acceptance, this certification is a welcome addition to the already existing gold standard certifications that (ISC)2 administers such as the CISSP, SSCP, CAP, CISSP-MP/AP/EP.

More information about CSSLP can be found at
A whitepaper on the Need for Secure Software can be found at

OWASP AppSec India – Keynote and Training

My keynote address on “Application Security Trends and Challenges” and the training session on “Advanced Threat Modeling” went well, and a few friends have posted some comments about their experience.

Check it out.

Keynote at OWASP India 2008 – August 20th, 2008

Representing (ISC)2, the global leader in security education and training, as their Software Assurance Advisor, I will be delivering the keynote address on Application Security Trends and Challenges at OWASP India 2008.

If you plan to attend or you will be there, come by and say hello. 🙂

Date – August 20th, 2008 @ 9:00 - 10:00 a.m.
Venue – India Habitat Center, New Delhi
More Information, click here

SecuriTRAINED! Be Aware, Be Skilled, Be Certified in Security

What does it mean to be SecuriTRAINED?

Step 1 – Follow Chinese war strategist Sun Tzu’s advice in the “Art of War” to “Know Thyself”, a.k.a. Be Aware
Step 2 – Follow Queen Elizabeth II’s advice on “Training” and Be Skilled
Step 3 – Follow Goethe’s advice that “Knowing is not enough, we must apply” and Be Certified

Resource Link – AT&EC Security Solutions Datasheet by SecuRisk Solutions
To be SecuriTRAINED is to Be Aware, Be Skilled and Be Certified in Security … read more

Software without Seatbelts

Would you buy your dream car without seatbelts? Didn’t think so … Then why should you settle for software without seatbelts … read more

Being Unwired, Yet Secure!

Configuring and maintaining your wireless networks securely is critically important to keep electronic trespassers and eavesdroppers away from those networks and your sensitive data.

The following are best practices and standards recommended for wireless security:

  1. Develop a wireless security policy.
  2. Periodically assess risks of your wireless networks.
  3. Periodically test and evaluate your wireless security controls.
  4. Develop a secure wireless architecture that is consistent with your policy.
  5. Develop your wireless security plans, factoring in performance, usability and risks supporting your architecture and policy.
  6. Maintain a secure wireless network on an ongoing basis.

Read entire article on Managing Security Risks in a Wireless World (reprinted and better formatted) – Here