[SC-L] AppSec DC Schedule announced, Registration OPEN!

2012-03-05 Thread James Manico
AppSec DC, the East Coast's premier information security conference, returns with AppSec DC 2012 (http://www.appsecdc.org/).

Re: [SC-L] informIT: vBSIMM (BSIMM for Vendors)

2011-04-12 Thread James Manico
Hi Gary, You may wish to consider the OWASP Legal Project at https://www.owasp.org/index.php/Category:OWASP_Legal_Project which is a positive, free, and open resource to assist in building legal contractual agreements around software security with your vendors. The state of NY procurement and

[SC-L] Adobe

2010-10-27 Thread James Manico
I’ve been pretty brutal with my opinions on Adobe's security posture lately (an opinion that is far from unique in our industry). However, recent releases of PDF reader give me hope for the future. http://blogs.adobe.com/asset/2010/10/inside-adobe-reader-protected-mode-part-1-design.html

Re: [SC-L] Java: the next platform-independent target

2010-10-21 Thread James Manico
Ben, These threats are only relevant for client-side Java, for the most part. It's my opinion that all enterprises should remove Java from all clients. Java is most commonly deployed server-side which has a completely different threat model than client side Java. A lot of smart people disagree

Re: [SC-L] Ramesh Nagappan Blog : Java EE 6: Web Application Security made simple ! | Core Security Patterns Weblog

2010-01-06 Thread James Manico
Hello Matt, Java EE still has NO support for escaping and lots of other important security areas. You need something like OWASP ESAPI to make a secure app even remotely possible. I was once a Sun guy, and I'm very fond of Java and Sun. But JavaEE 6 does very little to raise the bar when it comes

[SC-L] OWASP Podcast August Update

2009-08-25 Thread James Manico
Hello SC-L! The OWASP Podcast Series continues to accelerate! We released 5 podcasts this month which I hope you find to be of value. 39 | August 25, 2009 | Listen Now http://www.owasp.org/download/jmanico/owasp_podcast_39.mp3 | Show Notes /index.php/Podcast_39 | Interview with Gunnar Peterson

[SC-L] OWASP Podcast Series Update

2009-07-08 Thread James Manico
Hello SC-L, We've been rather busy at the OWASP Podcast Series lately! Since June 1st the OWASP Podcast Team has released 9 Podcasts! Please take a look at our show list at http://www.owasp.org/index.php/OWASP_Podcast#tab=Latest_Shows Recent featured Podcasts include 1. An interview with