Jemurai's Digital Stream of Consciousness
Open source January 27, 2017
At Jemurai, we contribute extensively to OWASP Glue and use it on some of our projects where it makes sense to tie together automation around security. We kept seeing the same types of integration challenges and found that it was useful to have a common starting point to solve them. It is far from perfect and we would refer people to alternatives like ThreadFix and OWTF
Strategy January 17, 2017
At Jemurai, we often find ourselves in situations where a company wants to build their own application security program but doesn’t really know how. That’s a common and very understandable problem given the trends in the industry (increasing focus on app security) and the inherent complexity of doing application security well. We take great pride in teaching and coaching organizations such as these to build successful programs. Inevitably there comes a point where they want to hire someone to “run AppSec.” Often, we’ll be asked for feedback on resumes or about candidates. This happens often enough that I wanted to take a minute and write down some of the things we’ve learned and how we approach situations such as these.
Security December 22, 2016
I don’t have much time to listen to sports radio anymore, but I used to love to listen to Mike & Mike on ESPN Radio. They had a segment called Predictions, Sure to Go Wrong, which was clearly their way of having fun making predictions while making fun of themselves and admitting they really had a strong likelihood of being wrong. In that spirit, I offer these predictions for 2017.
Strategy December 17, 2016
As we have worked with clients in the back half of 2016, we have started to help them think about their 2017 strategies. There are a couple of major themes we see again and again that are interesting.