NetSPI Blog
Security Industry Blog

Observations from HIMSS

I was at the Healthcare Information and Management Systems Society (HIMSS) national conference last week in Atlanta. Overall, the conference wasn’t much different than past years. From an information security perspective the presentations and conversations were limited, but there were a number of interesting things that I took away from the conference. 
First and foremost, healthcare [...]

 
CTO's Corner

Manual vs. Automated Testing

. . . no single application assessment or code review product could find more than about 35% of the total vulnerabilities GE could find with a manual process. That alone should encourage anyone serious about eradicating vulnerabilities within their applications to step it up a notch!

 
Application Security Blog

What is happening in the application security arena?

According to Gartner, 75% of the attacks are coming through web applications and not through the network. This means greater emphasis needs to be placed on application security. However, this does not appear to be happening.

 
PCI Blog

Brand Reciprocity Revoked by Visa and MasterCard: What It Means for Merchants

With brand reciprocity revoked, we need to take a look at a merchant’s transactions by card brand. By taking a look at these individual card brand transaction volumes, we can assist the merchant in making a determination of its merchant level status and the corresponding type of validation required.

 
Security Technology Blog

IP Traceback: Has Its Time Arrived?

In simple terms, IP traceback allows for the reliable identification of the source of IP traffic, despite techniques such as IP spoofing. Maybe its time has finally come.