Comments for Blog :: by Wade Woolwine http://www.wadewoolwine.com Thoughts and discussions on web technologies, security, and innovations. Tue, 09 Feb 2010 22:44:19 +0000 http://wordpress.org/?v=2.9.1-beta1 hourly 1 Comment on Book Review: ModSecurity 2.5 by Magnus Mischel by Ranch hand bumpers http://www.wadewoolwine.com/2009/12/31/book-review-modsecurity-2-5-by-magnus-mischel/comment-page-1/#comment-175 Ranch hand bumpers Tue, 09 Feb 2010 22:44:19 +0000 http://www.wadewoolwine.com/?p=211#comment-175 Covering ModSecurity 2.5 comprehensively and intelligibly is no small feat, and Mischel has achieved the goal. His style is concise yet clear, technical but not overly verbose, and well organized.<br>As "complete guides" go ModSecurity 2.5 meets the standard. Covering ModSecurity 2.5 comprehensively and intelligibly is no small feat, and Mischel has achieved the goal. His style is concise yet clear, technical but not overly verbose, and well organized.
As “complete guides” go ModSecurity 2.5 meets the standard.

]]> Comment on mod_auth_kerb and mod_authnz_ldap bring Apache web apps into the Enterprise by JOE http://www.wadewoolwine.com/2009/01/28/mod_auth_kerb-and-mod_authnz_ldap-bring-apache-web-apps-into-the-enterprise/comment-page-1/#comment-174 JOE Wed, 03 Feb 2010 22:38:30 +0000 http://www.wadewoolwine.com/?p=44#comment-174 Is it even possible to use LDAPVerifyServerCert on? With this feature turned off, apache will securely authenticate to any AD server that answers. I've also noticed that whenever I turn on LDAPVerifyServerCert, I always get bad certificate errors even though I'm using the same certificate with nss_ldap without issue. I haven't come across anything terribly informative about this issue, is it just something that is too trivial to go into? Is it even possible to use LDAPVerifyServerCert on? With this feature turned off, apache will securely authenticate to any AD server that answers. I've also noticed that whenever I turn on LDAPVerifyServerCert, I always get bad certificate errors even though I'm using the same certificate with nss_ldap without issue. I haven't come across anything terribly informative about this issue, is it just something that is too trivial to go into?

]]> Comment on RE: Alignment of Interests in Web Security by New sport http://www.wadewoolwine.com/2009/01/23/re-alignment-of-interests-in-web-security/comment-page-1/#comment-173 New sport Wed, 03 Feb 2010 01:03:58 +0000 http://www.wadewoolwine.com/?p=41#comment-173 I agree with this blog, this comment is very interesting and I want to visit it more frequently. I agree with this blog, this comment is very interesting and I want to visit it more frequently.

]]> Comment on Homegrown Application Security Program by Hosting Reviews http://www.wadewoolwine.com/2009/08/22/homegrown-application-security-program/comment-page-1/#comment-172 Hosting Reviews Tue, 26 Jan 2010 10:14:12 +0000 http://www.wadewoolwine.com/?p=89#comment-172 I agree that it is really the relationships that you make that makes a business successful. If you cannot keep your customers happy, then your business is sure to fail. I agree that it is really the relationships that you make that makes a business successful. If you cannot keep your customers happy, then your business is sure to fail.

]]> Comment on Thoughts on an AppSec Program (Pt. 4) – Metrics and defining success by Blog :: by Wade Woolwine » Blog Archive » Thoughts on an AppSec Program (Pt. 5) – Training, outreach, and networking http://www.wadewoolwine.com/2010/01/04/thoughts-on-an-appsec-program-pt-4-metrics-and-defining-success/comment-page-1/#comment-169 Blog :: by Wade Woolwine » Blog Archive » Thoughts on an AppSec Program (Pt. 5) – Training, outreach, and networking Tue, 05 Jan 2010 15:04:55 +0000 http://www.wadewoolwine.com/?p=194#comment-169 [...] I’ve spent the past 3.5 years working on a team where my primary responsibilities involved “application security”. Now that this era has come to an end, I’d like to share some of the initiatives and define their successes and shortcomings. This is part 5 of 5 so please be sure to read parts 1,  2, 3, and 4. [...] [...] I’ve spent the past 3.5 years working on a team where my primary responsibilities involved “application security”. Now that this era has come to an end, I’d like to share some of the initiatives and define their successes and shortcomings. This is part 5 of 5 so please be sure to read parts 1,  2, 3, and 4. [...]

]]> Comment on Thoughts on an AppSec Program (Pt. 4) – Metrics and defining success by wadew http://www.wadewoolwine.com/2010/01/04/thoughts-on-an-appsec-program-pt-4-metrics-and-defining-success/comment-page-1/#comment-166 wadew Tue, 05 Jan 2010 07:10:14 +0000 http://www.wadewoolwine.com/?p=194#comment-166 Thanks Ed. I appreciate the feedback! Thanks Ed. I appreciate the feedback!

]]> Comment on Thoughts on an AppSec Program (Pt. 4) – Metrics and defining success by edsmiley http://www.wadewoolwine.com/2010/01/04/thoughts-on-an-appsec-program-pt-4-metrics-and-defining-success/comment-page-1/#comment-165 edsmiley Tue, 05 Jan 2010 05:49:11 +0000 http://www.wadewoolwine.com/?p=194#comment-165 I am thoroughly enjoying this series and the entire blog. Keep up the good work!<br><br>Ed I am thoroughly enjoying this series and the entire blog. Keep up the good work!

Ed

]]> Comment on Thoughts on an AppSec Program (Pt. 3) – Threat modeling, architecture reviews, and security consulting by Blog :: by Wade Woolwine » Blog Archive » Thoughts on an AppSec Program (Pt. 4) – Metrics and defining success http://www.wadewoolwine.com/2009/12/31/thoughts-on-an-appsec-program-pt-3-threat-modeling-architecture-reviews-and-security-consulting/comment-page-1/#comment-164 Blog :: by Wade Woolwine » Blog Archive » Thoughts on an AppSec Program (Pt. 4) – Metrics and defining success Mon, 04 Jan 2010 15:08:42 +0000 http://www.wadewoolwine.com/?p=183#comment-164 [...] I’ve spent the past 3.5 years working on a team where my primary responsibilities involved “application security”. Now that this era has come to an end, I’d like to share some of the initiatives and define their successes and shortcomings. This is part 4 of 5 so please be sure to read parts 1,  2, and 3. [...] [...] I’ve spent the past 3.5 years working on a team where my primary responsibilities involved “application security”. Now that this era has come to an end, I’d like to share some of the initiatives and define their successes and shortcomings. This is part 4 of 5 so please be sure to read parts 1,  2, and 3. [...]

]]> Comment on Thoughts on an AppSec program – The Team by Blog :: by Wade Woolwine » Blog Archive » Thoughts on an AppSec Program (Pt. 2) – Penetration Testing http://www.wadewoolwine.com/2009/12/29/thoughts_on_an_appsec_program-the_team/comment-page-1/#comment-163 Blog :: by Wade Woolwine » Blog Archive » Thoughts on an AppSec Program (Pt. 2) – Penetration Testing Wed, 30 Dec 2009 15:10:14 +0000 http://www.wadewoolwine.com/?p=171#comment-163 [...] I’ve spent the past 3.5 years working on a team where my primary responsibilities involved “application security”. Now that this era has come to an end, I’d like to share some of the initiatives and define their successes and shortcomings. This is part 2 of 5 so please be sure to read part 1. [...] [...] I’ve spent the past 3.5 years working on a team where my primary responsibilities involved “application security”. Now that this era has come to an end, I’d like to share some of the initiatives and define their successes and shortcomings. This is part 2 of 5 so please be sure to read part 1. [...]

]]> Comment on Big Changes on the Horizon by wadew http://www.wadewoolwine.com/2009/12/17/big-changes-on-the-horizon/comment-page-1/#comment-160 wadew Sun, 27 Dec 2009 19:43:40 +0000 http://www.wadewoolwine.com/?p=163#comment-160 Thanks! Thanks!

]]>