Forgot your password?
typodupeerror

Comment Do it yourself vs. hire someone. (Score 1) 1

I work for either Cenzic, HP or IBM.(Alphabetical order) I support end users of application security testing software. If you decide to do it yourself be prepared to invest a lot of time educating yourself on firewalls, protocols, programming languages, web servers, databases and hacking. The application scanning tools will give you a starting point. Most of the top notch consulting firms will use 2 or 3 of the products to develop a base line that they will then manually attack. All developers can write code, writing secure code is an art, that most developers see as a waste of time. Most developers currently don't understand the exploits, so be prepared to train yourself and to train them on the importance of good application security practices. Read a few books on the issue. Attend a few conferences. Learn how to confirm vulnerabilities. Developers hate it when you tell them their code is broken and can not reproduce it for them. Most of the top notch testing firms already understand the software, the attacks, the risks and how to make developers "get it". If you are going to work in this space get ready to learn something new every day.

Slashdot Top Deals

A fanatic is a person who can't change his mind and won't change the subject. - Winston Churchill

Working...