
About the Author:

Russ McRee is a senior security analyst, researcher, and founder of holisticinfosec.org, where he advocates a holistic approach to the practice of information assurance. He is also a security researcher for InfoSec Institute.

His predominant focuses are incident response and web application security; he does both as team leader of Microsoft Online Service’s Security Incident Management team.

Russ speaks and writes frequently on information security topics, including toolsmith, a monthly column for the ISSA Journal.

IBM's ISS X-Force cited him as the 6th-ranked of the Top Vulnerability Discoverers of 2009.

OWASP Top 10 Deeper Dive – A8: Failure to Restrict URL Access

Description: Parsing the OWASP Top Ten with a closer look at Failure to Restrict URL Access
Introduction
Per our discussion of OWASP Top 10 Tools and Tactics, we continue our closer […]

OWASP Top 10 Deeper Dive – A5: Cross-Site Request Forgery (CSRF)

Description: Parsing the OWASP Top Ten with a closer look at Cross-Site Request Forgery (CSRF)
Introduction

Our discussion of OWASP Top 10 Tools and Tactics garnered enough interest to warrant a […]

OWASP Top 10 Tools and Tactics

Description: A tool for each of the OWASP Top 10 to aid in discovering and remediating each of the Top Ten

Introduction

If you’ve spent any time defending web applications as […]

Security Incident Response Testing To Meet Audit Requirements

Description: Practical guidance and tools to ensure maximum readiness for incident response teams including drill tactics. PCI-DSS audits often require IR testing validation; drill quarterly and be ready next […]