J Wolfgang Goerlich's thoughts on Information Security
Starbucks gift card fraud

By wolfgang. 15 May 2015 12:42

Starbucks is in the news as criminals abuse its online services through fraudulent gift card purchases. On the surface, the issue appears to be about consumers’ passwords and the poor practices around their use. There is more to the story, however, and I would argue two deeper concerns are the real issue. The first is in how emerging payment systems are monitored and secured. The second is in how online services are developed and maintained. 

Read the rest at: http://content.cbihome.com/blog/starbucks_giftcard_fraud

Tags:

Application Security | Risk Management

Securing The Development Lifecycle

By wolfgang. 6 March 2015 10:31

One line. Ever since the Blaster worm snaked across the Internet, the security community has known that it takes but one line of vulnerable code. Heartbleed and iOS Goto Fail made the point again last year. Both were one line mistakes. Even the Bash Shellshock vulnerability was made possible by a small number of lines of code.

To manage the risk of code-level vulnerabilities, many organizations have implemented security testing in their software development lifecycle. Such testing has touch-points in the implementation, verification, and maintenance phases. For example, an organization might ...

Read the rest at http://content.cbihome.com/blog/securing-development-lifecycle

Tags:

Application Security | Security

    Log in