Let's give some stuff away

As an effort to promote application security awareness in the CFML community, I am going to do a little bit of giving things away. Specifically, I am going to be giving away some security related items.

As many of you know, I am very interested in Application Security. I am always trying to learn more about it and encourage others to learn more. Application Security is becoming more and more important even for our simple applications.

So to help encourage learning about application security, I am going to give away some of these security related learning materials to the good people of the CFML community who provide substantive comments on my blog.

I will choose pseudo-randomly from the good comments that show up on my blog.

Comments must be substantive. Things like "Nice Post!" and "I agree" are fine if that is what you want to say, but they will not be chosen from. I want this to promote discussion, and I want to learn from others who would either add to my posts with knowledge of their own, or to disagree and offer their own insight.

Remember, I will be choosing from the comments, so multiple comments means multiple entries. I will also include my subscribers. So simply by subscribing you will get another entry.

I will start this off by giving away three of these items for comments posted in June and see how it goes. That's one item to three people, not three items to one person. I will notify the recipients by email, so be sure to use a valid email address.

12robots Dark T-Shirt
12robots Dark T-Shirt
Buy this product at CafePress

Ajax Security

Professional Pen Testing for Web Applications

Foundations of Security

Web Application Hackers Handbook

Brad Wood's Gravatar Nice Post! I agree! Way to.. oh wait, nevermind. :)

Looking forward to the series, Jason.
# Posted By Brad Wood | 6/1/09 6:02 AM
Dan Vega's Gravatar I am not sure if the shirt will make me more secure, but I want it! ha ..looking forward to it!
# Posted By Dan Vega | 6/1/09 7:35 AM
Jason Dean's Gravatar So I am now realizing that Amazon's Affialite Web Service is ONCE AGAIN failing to display. I actually have 4 books included here as well. I will fix the post to not rely on Amazon.
# Posted By Jason Dean | 6/1/09 8:08 AM
Jason Dean's Gravatar Thanks Dan. You made me realized that several items were missing. You get to be my first entry in the giveaway.

Oh, and if nothing else, the t-shirt will help you feel more secure in the fact that you are not naked at work.
# Posted By Jason Dean | 6/1/09 8:34 AM
Chris's Gravatar I like security, do I win? :)
# Posted By Chris | 6/1/09 9:47 AM
Dan Wilson's Gravatar Jason,

Thanks for continually reminding us about Web application security, a truly important topic that doesn't get enough press coverage in blogs.

I also appreciate you digging deep to make giveaways happen for your constituents.

# Posted By Dan Wilson | 6/1/09 12:43 PM
Jason Dean's Gravatar @Brad, I wondered how long it would take to get someone to post those comments :) Well done.

@Chris, You always win when you think about security . How's that? Feeling fulfilled? ;)

@Dan, thanks for the kind (and big) words.
# Posted By Jason Dean | 6/1/09 1:06 PM
Sarah Kelly's Gravatar I was just reading a post regarding the problem of too many problems (can't find it right now though). It talked about a security review revealing so many issues that the client was overwhelmed and had no idea where to start. I think that's what my own 'review' is revealing. So if you had to pick *one* security issue to *start* with, what would it be? (I hope you haven't already posted about this. I just started looking at your blog very recently.)
# Posted By Sarah Kelly | 6/30/09 1:32 PM
Jason Dean's Gravatar @Sarah,

thanks for the comment. I have that article sitting open in a browser at home waiting for me to read it. We only recently started doing App scanning where I work, and when I looked at the report it, at first seemed overwhelming, but then as I got used to looking at the report, i realized that a lot of the problems were the same problem in different places, and a lot of them were easy fixes or false positives.

Outside of the no-brainers (SQL Injection, XSS)I don't know that I would pick any one kind of vulnerability to start with, but I would start with either the most serious and/or the lowest hanging fruit (easiest to fix).

When I read the article, I may post my thoughts and expand on that.
# Posted By Jason Dean | 6/30/09 2:03 PM
BlogCFC was created by Raymond Camden. This blog is running version 5.9.1. Contact Blog Owner