Blog

Announcing Jemurai Security Automation
April 13, 2018

It's been an exhilarating few weeks. I had to remind myself to take a breath and blog today. What's new-ish is that we have a core team working on a new platform for security automation. It extends the work we've done with Glue and other ideas taken from a great sample of client consulting engagements. […]

Developer Resource: Impersonation Failures
March 28, 2018

Several times in the last few weeks we have looked at applications that have significant issues with "impersonation" features. What is impersonation? An act of pretending to be another person for the purpose of entertainment or fraud. (From Google.) In practice, impersonation is a feature that is commonly implemented to allow Customer Support to "see […]

Developer Resource: Dependency Management for Developers
March 20, 2018

I recently got asked about best practices for dependency management by an old colleague. In response, I wrote the following, which I realized might be useful to a broader audience. So … things like GitHub's new notification on this have been automated via platforms like CodeClimate or via Jenkins internally at dev shops for a […]

Developer Resource: Using the OWASP Top 10 Properly
March 7, 2018

I have gone to great lengths to strictly separate my OWASP activities from my Jemurai activities in an effort to honor the open and non-commercial aspects of OWASP to which I have committed so much volunteer time and energy. Today I want to cross the streams for a very specific reason, not to promote Jemurai […]

Application Security: The Importance of Your Inventory
February 27, 2018

We work with companies building security programs a lot. Across all aspects of the program, the word inventory is a term that seems to have a surprisingly high level of general awareness but a surprisingly low level of common definition. in·ven·to·ry /ˈinvənˌtôrē/ noun 1. a complete list of items such as property, goods in stock, […]

Application Security: Commercial Software Using Open Source
February 1, 2018

Here's an interesting, slightly different spin on the otherwise tired "Open Source" vs. "Closed Source" being more secure debate! The topic is inspired by a conversation with a client that is using a whole slew of old open source libraries. They know they need to update those libraries, but it is very difficult because they […]

Application Security: Tend Your Digital Garden
January 25, 2018

Something that is really hard about application security is that it isn't something you can just point a tool at and be finished at some point in time. It is always going to take ongoing work. I like to use the analogy of a garden. Both the plants in the garden and the conditions around them change […]

Security Trends: Top 5.5 AppSec Predictions Sure To Go Wrong
January 18, 2018

In keeping with an all too popular industry practice of producing year end Top 10 lists, at Jemurai we developed a Top 5.5 Application Security Trends for 2018. It is obviously meant to be a little bit fun, given the "Top 5.5" title, but we tried to capture what we think are significant important things […]

Turns Out Policy in Markdown in GitHub Works!
January 12, 2018

I've seen policies from lots of companies big and small. Generally, I'm a techie engineer so I don't love policy. I've also seen a fair number of companies that clearly don't follow their policy. I've also seen companies that get certifications like SOC2 and ISO that are meaningless because they systematically lie and their auditors […]

Your Vulnerability Spreadsheet Says More Than You Think
January 9, 2018

More often than I'd care to say, I work on projects where a client has a vulnerability spreadsheet to rule them all. They're using the spreadsheet to track all of the open items that were found across all of their projects with different tools and pentests. One initial interesting point is that these companies don't […]

© 2019-2022 Jemurai. All rights reserved.