Caleb Sima
Caleb Sima is the former co-founder and CTO of SPI Dynamics, which was acquired by HP Software in August 2007. He is now responsible for directing the lifecycle of HP's Web application security solutions and is the Chief Technologist for the HP Application Security Center. Prior to joining HP, Caleb worked on the X-Force R&D team at Internet Security Systems and as a security engineer for S1 Corporation. Caleb is a frequent speaker and press resource on Internet attacks, has contributed to Baseline Magazine and (IN)Secure Magazine, and has been featured in the Associated Press. He is also a Microsoft Most Valuable Professional (MVP) in Visual Developer Security.
Articles by this Author
» Web Application Security: Don't Bolt It On; Build It In
Published 06/12/2008 | Security, Web Development
In light of Web application breaches worldwide, it is necessary to catch potential points of intrusion at the beginning. Performing application vulnerability testing during development (and not after a breach has been detected) can save a company thousands of dollars. The only way to ensure the highest level of security is to build it in from the outset. [read article...]
» Effective Controls for Attaining Continuous Application Security Throughout the Web Application Development Life Cycle
Published 09/28/2007 | Security, Web Development
Improving your Web application development process is one of the best ways to avoid security vulnerabilities and nasty surprises during security assessments. Learn about the points in the software development life cycle where additional security awareness and training are needed to ensure that your organization remains successful and secure. [read article...]
» Implementing Effective Vulnerability Remediation Strategies Within the Web Application Development Lifecycle
Published 08/02/2007 | Security, Web Development
After a security assessment has been performed as part of the Web application development lifecycle, it is important to understand how to address and fix any application vulnerabilities that are uncovered. Learn more about the steps that should be taken during the remediation process, from categorization to testing and validation, and find out why collaboration among developers is critical for success. [read article...]
» Web Application Vulnerability Assessment Essentials: Your First Step to a Highly Secure Web Site
Published 06/21/2007 | Security, Web Development
It is important for a business to understand the fundamentals of running a vulnerability assessment in order to determine how one will be run and what can be expected from the results. A Web application security scanner can automate the process, but a quality assessment may still require human eyes to catch specific issues. Learn more about the whys and hows of vulnerability assessments. [read article...]
» Interpreting the Results of a Vulnerability Assessment: How to Focus on What's Important in Your Web Application Security Testing
Published 03/07/2007 | Security, Web Development
The results of an extensive vulnerability assessment of a Web application can appear overwhelming on first review. However, it is important to understand that many of the Web application security holes found by such an assessment may in fact not matter to an organization's specific situation. Learn how to weed through such findings to establish which need to be addressed and which are not urgent. [read article...]
» Web Application Security and Sarbanes-Oxley Compliance
Published 02/01/2006 | Security, Web Development
An important issue facing companies today is Sarbanes-Oxley compliance, but, as the U.S. Sarbanes-Oxley Act of 2002 (SOX) is relatively new, the implementation of the regulation has not been fully established. The requirements of SOX compliance focus on establishing a system of checks and balances for corporate financial reporting and are designed to hold executives, accountants, and auditors of public corporations to higher standards. [read article...]
» Security Risk Assessment and Management in Web Application Security
Published 12/16/2005 | Security, Web Development
Security risk assessment and security risk management have become vital tasks for security officers and IT managers. This article looks at some of the issues. [read article...]
» Locking the Door Behind You: Hacker Protection for Your Web Applications
Published 10/16/2005 | Security, Web Development
Your Web applications can be the most important and most vulnerable entry point into your organization, so ensuring adequate hacker protection for them can be critical. A Web application includes not only the code that creates your Web site, but also the architectural components (Web server, application server, database, and the hosts they run on) needed to make a Web site available and useful to the public; both the code and those components can leave a Web site open to attacks such as SQL injection or cross-site scripting (XSS). When considering hacker protection for your Web applications, you must account for all the components that work together to create a Web site, not just the visible face presented to the world at large. [read article...]
» The Latest in Internet Attacks: Web Application Worms
Published 09/07/2005 | Security, Web Development
By now, most companies recognize that network security is an important aspect of daily operations, but few realize how quickly new methods of Internet attack are being invented. While organizations rush to develop their security policies and implement even a basic security foundation, the professional hacker continues to find new ways to attack by modifying old Internet worms, Trojans, and viruses, or by creating completely new ones. Recently, the attention of these hackers has shifted to Internet attacks targeted at the application layer, which can include either shrink-wrapped or custom applications. This layer is commonly the least protected layer of an organization's network. Industry experts estimate that three-fourths of the successful attacks targeting corporate networks are perpetrated via the application layer. Because Web applications by their nature allow access to both internal and external audiences, these Internet attacks can pose a serious threat to an organization's back-end data without the organization's knowledge... [read article...]