[Dailydave] The "3rd party" question

From: dave (daveimmunityinc.com)
Date: Tue Jun 22 2010 - 09:28:36 CDT


People use "3rd party" to mean a lot of things. For example, when scoping out a web
assessment, we often ask if you've incorporated any third party components. But that
question is getting harder and harder to answer. For example, does the search bar at
the bottom of www.immunityinc.com count as a third party component? What if it was a
Flash applet that only ran on the client? By that standard, isn't the "web browser" a
third party component?

But deep down, here's what we mean when we ask about 3rd party components: "What
about your application don't you know?" In the end, consulting, like any performance,
is about _surprising_ the customer. An insecure application is one in which the
emergent properties of the unknown parts of your application eclipse your ability to
manage them.

-dave
