best practices

HealthCare.gov: Basic Security Failures and IT Bloopers

Secure Ideas has tested hundreds, if not thousands, of applications over the years we have been in business.  Based on this experience, along with our public classes and presentations around application security, Dave Kennedy of TrustedSec asked me to review the details of security flaws within HealthCare.gov.  As part of this review, Dave provided a …

HealthCare.gov: Basic Security Failures and IT Bloopers Read More »

Scary Web Services: Part 2

This post may seem timely in light of the recent Snapchat compromise.  Although Snapchat’s breach appears to be due to some poor assumptions around an “internal” Snapchat API, it is not the type of traditional web service that I was thinking about when I was planning this post.  This said, Snapchat’s API is still technically …

Scary Web Services: Part 2 Read More »

Professionally Evil Speaking: Addressing the Real Issues Around Compliance in the Cloud Panel

Secure Ideas is excited to announce that I will be speaking as part of a panel later this month.  On January 30th in Denver, Colorado, the Addressing the Real Issues Around Compliance in the Cloud panel will be held at Mile High Station.  This panel will run from 4pm to 6pm. Faced with HIPAA, PCI, FISMA …

Professionally Evil Speaking: Addressing the Real Issues Around Compliance in the Cloud Panel Read More »

Scroll to Top