Saturday, February 21, 2009

DirBuster

I thought I would put up this post someone else made about DirBuster. I remember playing around with it and trying it on the web applications that I work on. It was impressive how well it found the directories within our site.

Friday, February 20, 2009

Comment on blog about - Multi-Step Authentication Processes: Lockout Policies

I saw this blog and thought it was a good idea. I'm always on the lookout for new ideas for web application security. What I like about the concept in this one is using the session to track failed authentication. It's a good way to stop the not-so-smart bad guys from playing and playing with username/password combinations. You can view the blog here. Enjoy!
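To make the session-tracking idea concrete, here is an added example (my own illustration, not code from this post or from the linked blog). It keeps a failed-attempt counter in server-side session state and locks that session out for a fixed window once the counter passes a threshold. The `LoginGuard` class, the thresholds, the constructed credential store and the injectable `clock` are all assumptions made for the example.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

# Constructed sample credential store for the example: username -> sha256(password).
# A real application would use a salted, slow password hash (bcrypt/argon2).
_USERS = {"alice": hashlib.sha256(b"correct-horse").hexdigest()}


def check_password(username, password):
    """Verify a password against the constructed store using a constant-time compare."""
    expected = _USERS.get(username)
    if expected is None:
        # Hash anyway so an unknown user takes the same time as a wrong password.
        hmac.compare_digest(hashlib.sha256(password.encode()).hexdigest(), "0" * 64)
        return False
    return hmac.compare_digest(hashlib.sha256(password.encode()).hexdigest(), expected)


@dataclass
class SessionState:
    failures: int = 0          # consecutive failed logins in this session
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginGuard:
    """Session-scoped failed-login counter with a temporary lockout."""

    def __init__(self, max_failures=5, lockout_seconds=900, clock=time.time):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock          # injectable so tests can control time
        self.sessions = {}          # session_id -> SessionState (server-side store)

    def attempt(self, session_id, username, password, verify=check_password):
        """Return 'ok', 'failed' or 'locked' for one login attempt."""
        state = self.sessions.setdefault(session_id, SessionState())
        now = self.clock()
        # Refuse before verifying: a locked session gets no answer even for the right password.
        if now < state.locked_until:
            return "locked"
        if verify(username, password):
            state.failures = 0
            return "ok"
        state.failures += 1
        if state.failures >= self.max_failures:
            state.locked_until = now + self.lockout_seconds
            state.failures = 0
            return "locked"
        return "failed"


if __name__ == "__main__":
    guard = LoginGuard(max_failures=3, lockout_seconds=60)
    for pw in ("a", "b", "c", "correct-horse"):
        print(pw, "->", guard.attempt("session-1", "alice", pw))
```

The caveat this makes visible: the counter lives in the session, so a client that simply discards its session cookie starts again with a fresh `SessionState`. That is fine for the "not-so-smart" case the post describes; to slow a deliberate attacker the same counter should also be kept per account (and usually per source address), with the lockout decision logged so failed-login bursts show up in monitoring.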

Wednesday, February 04, 2009

defect vs vulnerability

In developing applications and working with a QA team as well as dealing with security, I see the very good point in this article, defect vs vulnerability. I think all web developers need to worry about security to some extent. Part of it will depend on what type of application you are developing and the other part on what industry you are in. A good phrase for me to keep things in perspective is "Security is about risk management." It's nice to know how a specific security flaw works, especially as a developer, but a developer serves the business, so don't lose sight of the risk. Don't get caught up in the technical aspect of all security flaws because you will miss the boat on what risk you need to manage for your application.