CISO at @sardineai. Treasurer of @OWASP Board of Directors. (he/him) qatta' mIghtaHghach.

Phoenix, AZ
Joined July 2009
In this lawsuit against @walmart, the @owasp @zaproxy makes a showing. It found 100K instances of cross domain JavaScript, oh noes! 😂 and a bunch of other equally dubious appsec claims. Attorneys, please hire a competent appsec expert. Lawsuit PDF: classaction.org/media/gardin…
Replying to @biblioracle
I’m reminded of this podcast by Malcolm Gladwell that delves into the LSAT and the role of test-taking speed as a means of gatekeeping. Insight: if given more time or less time, the people who “excel” would change. Super arbitrary. revisionisthistory.com/episo…
The “digital” pregnancy test is just a low-cost strip pregnancy test with an optical reader.
I saw a tweet recently that I wanted to confirm. Sadly I can't find it right now, but it was about digital pregnancy tests. So, I went out and grabbed a 2-pack for 7 dollars: let's tear it down!
Was totally confused about my download speed, but turns out a modem reset restored it to 600+ Mbps 🤷
If you're going to use LinkedIn to find my email address so that you can sell me something, at least ALSO use LinkedIn to know if it's something related to my actual job.
Replying to @randomdross
Can't wait to see what kind of inhuman you are.
Replying to @randomdross
You could try just being, um, yourself?
Replying to @randomdross
Maybe start with your Twitter name?
🌈 Fighting COVID with hopes, wishes, and dreams. 🍀
SCOOP: As the presidential election fast approaches, HHS is bidding out a more than $250 million contract to a communications firm as it seeks to “defeat despair and inspire hope” about the pandemic, according to an internal HHS document I obtained. politi.co/31K6oCJ
The big lesson I learned from you is to pay it forward and remove as much gatekeeping as possible to allow anyone with passion to find their way in.
The draft of Web Content Accessibility Guidelines has a new "Accessible Authentication" mandate - you must offer an auth method that doesn't rely on remembering anything, including passwords. WebAuthn ftw? WCAG draft: w3.org/TR/WCAG22/#error-prev…
Back in 2009 when I wanted to switch professionally from dev to appsec, I had no experience and no job leads. Jer gave me my foot-in-the-door at @whitehatsec, from which I later pivoted to PayPal. Always will be grateful for that career start!
Replying to @sirdarckcat
Companies are increasing their ransomware budget, so go where the money is?
Fawkes, the face cloaking anti-recognition tool. nytimes.com/2020/08/03/techn…
Imagine your employer requires you to urinate on demand while they directly observe, otherwise you'll be fired. Turns out it's legal and what @Sterilite_Corp requires of their employees. abajournal.com/news/article/…
This report out of India (jointly with @DSCI_Connect & @paypal) is a great primer on commerce fraud and the controls to combat it. If you operate an online store, you should read this. Report is a free download (no forms to fill out). dsci.in/content/fraud-and-ri…
Replying to @ericgeller
I have had it happen a few times, especially on Saturdays, and they just deliver it the next business day. I assume it is when they forgot to drop it off and didn’t want to drive back, or maybe the carrier was sick and there wasn’t a backup, or something like that.
Replying to @randomdross
Yeah, not going to click that link!