Security Experts:


Alan Wlasuk

Alan Wlasuk is a managing partner of 403 Web Security, a full service, secure web application development company. A Bell Labs Fellow award-winner with 18+ years of experience building secure web applications, Wlasuk is an expert in web security - from evaluation to web development and remediation.

Recent articles by Alan Wlasuk

  • Millions of identities, credit card numbers and user login credentials are still being compromised every year by hackers getting into web sites we believe are secure. This valuable information will, undoubtedly, end up in the wrong hands.
  • The vulnerability represented by the BEAST shouldn't be viewed as a major crime risk, rather as just one of hundreds, if not thousands, of Internet flaws that will soon be discovered.
  • Crime follows money, and with the information on your phone representing access to potentially billions of dollars in the cyber crime world, you and your phone become a tempting target.
  • If you own a business with an investment in a web presence, whether it is the core of your e-commerce sales or just a brochure site, you should be thinking about what could be a soon-to-be personal relationship with the hackers behind your very own security breach.
  • In this “Case Study” column I will share some takeaways based on my involvement in two recent remediation engagements as a basis for understanding the reasons behind the continued trend in vulnerable web applications.
  • If you’re being honest with yourself, major successful cyber attacks on companies in the past few years should convince you of the fact that your business could eventually fall victim to a cyber attack.
  • The protection of data is far harder than most people recognize.
  • Are we ever going to get passwords right? And by “right”, I mean impossible to crack, easy and inexpensive to implement, and acceptable to a public that generally views passwords as an annoyance?
  • Until information on how the Zappos breach was executed comes to light, we can only assume Zappos was as good, perhaps better than most on-line retailers as far as security is concerned.
  • Like any well-established sub-culture, the world of script kiddies is fascinating to watch, difficult to fully understand from the outside and obviously intriguing to those within that world.
  • My brief relationship with the Morto worm lasted exactly 5 days, at least that I know of. Morto is a computer worm – one that burrows into a computer system and lives to infect other computers and take orders from her botnet herder.
  • The joy of a hacker extracting your data is similar to the excitement one experiences playing the mechanical claw arcade machines – the one where you insert a few quarters and grab a toy with a mechanical claw. Picture the hacker running scripts instead of using the arcade game joystick.
  • Protecting your website from hackers is tough. The battle between the good guys and the bad guys is an ever escalating war where a misstep on your part may mean a breached site.
  • While our attention is immediately drawn to the Internet when we think about the benign-turned-evil Matrix, a more interesting comparison can be made to the current Internet plague of botnets.
  • I recently found two great security articles from 2000 from a well-respected Microsoft security guru, Scott Culp. These laws are still very applicable to today’s security world, and I wanted to pass along 7 of my favorites with Culp’s thoughts as well as my own spin.
  • There are thousands of script kiddies, launching hundreds of thousands of automated attacks every day. Anyone who argues that their website is too small or obscure for anyone to test for flaws isn’t paying attention to the fact that everyone’s website is being tested, all the time.
  • Initially scoffed at as being "leaderless" and "directionless", the Occupying Wall Street rally appears to be moving towards focusing on defining such lofty demands as ending the death penalty, ending war and achieving wealth equality.
  • The world’s expectations of breach-proof SSL certification agencies have been shattered. As expected, all of the ruling bodies that control the Internet have rallied to identify the root causes of these breaches and are working on future preventive mechanisms.
  • Watching Anonymous in action is far better than most of the programming on television. Anonymous seems to be in a never-ending battle against the “evils” that surround mere mortals.
  • With its publicly stated goal of protecting the rights of the masses against big business and government, Anonymous launched several successful attacks on the BART Web Site as well as other city Web Sites.
  • Cyber will be part of any future conflict, whether it's a nation state or terrorism, according to a long-time CIA veteran. We are looking towards a time when nations will launch online attacks and extremist groups will add cyber attacks to their tactics.
  • Most people will focus on perimeter security and think that they have it all covered. Unfortunately, network security is never enough. Just as we can't control what's on television, who is in Internet chat rooms or who is on the other end of the phone, we can't control the browsers that are interacting with your web applications.
  • I’ve approached design and development companies with the thought of pre-launch web application security scans, done on a staging server. More times than I can count, these conversations end up in an agreement that web security is essential but there is no desire to find out how secure the target site really is.
  • Unless your company sets security as a prime requirement, your website will be one of the 70 percent on the Internet that contains major security flaws.