Get short, timely messages from Dan Cornell.

Twitter is a rich source of instantly updated information. It's easy to stay updated on an incredibly wide variety of topics. Join today and follow @danielcornell.

Get updates via SMS by texting follow danielcornell to 40404 in the United States
Codes for other countries

Country	Code	For customers of
Two-way (sending and receiving) short codes:
Australia	0198089488 Telstra
Canada	21212 (any)
United Kingdom	86444 Vodafone, Orange, 3, O2
Indonesia	89887 AXIS, 3, Telkomsel
Ireland	51210 O2
India	53000 Bharti Airtel, Videocon
Jordan	90903 Zain
New Zealand	8987 Vodafone, Telecom NZ
United States	40404 (any)

danielcornell

Morale will continue until the beatings improve 11:50 AM May 31st via TweetDeck
@falconsview I have hellacious NOLA cab stories. Mostly not being able to get one before 6am. Trouble when you have a 6am flight... 9:24 AM May 30th via TweetDeck in reply to falconsview
@Wh1t3Rabbit Yes. We have two sorts of numbers: per-vuln for keyboard fix time & project compsition ratios: %fix, %validate, %deploy etc 12:09 PM May 29th via TweetDeck in reply to Wh1t3Rabbit
@Wh1t3Rabbit All of the projects we've done have -some- sort of central library for encoding/validation. Sometimes ESAPI, MS AntiXSS, custom 12:04 PM May 29th via TweetDeck in reply to Wh1t3Rabbit
@chriseng @jeremiahg So 40 hrs when averaged over all of it - not a horrible guess. But orgs need to tune model to their env. 11:56 AM May 29th via TweetDeck
@chriseng @jeremiahg Also those were HARD SQLi But that is also only the keyboard time for fixes; didn't include testing, validation, etc 11:55 AM May 29th via TweetDeck in reply to chriseng
@wickett We've used the Java input validation and encoding stuff. LOTS of dependencies, tho 10:53 AM May 29th via TweetDeck in reply to wickett
Hey everybody @denimgroup uses #OWASP ZAP and so should you bit.ly/KVFMxC 7:05 AM May 29th via TweetDeck
RT @donicer: Movie today: Heartbreak Ridge with Clint Eastwood <One of the best 6:20 PM May 26th via TweetDeck
RT @Zap0tek: PHP: a fractal of bad design -- bit.ly/HwbMMk <YES! 11:36 AM May 26th via TweetDeck
@jack_daniel Avocado. Sprouts are filthy 9:48 AM May 26th via TweetDeck in reply to jack_daniel
@falconsview That's just one item, right? 11:28 AM May 25th via TweetDeck in reply to falconsview
@jcran Congrats on the move! Exciting stuff 5:28 PM May 24th via TweetDeck in reply to jcran
@mkonda Most of the teams we work w/ that have quick cycle times choose to handle fixes in-house b/c they can do them lots cheaper 2:54 PM May 23rd via TweetDeck in reply to mkonda
@mkonda Fair point. Agile practices (auto test, cont integration) can help get 3rd party folks on board. But also reduce costs for in-house 2:53 PM May 23rd via TweetDeck in reply to mkonda
"What color plane you want to buy?" "Clear. Like Wonder Woman's" Damn 30 Rock is funny... 11:34 AM May 20th via TweetDeck
RT @EoinKeary: #owasp fund raising for project and guide development. If you use #owasp give us a $1 bit.ly/KBW3dP 8:56 AM May 19th via TweetDeck
OH "I don't hate adobe the mud product; it works just fine and you don't have to apply security updates every week" 11:03 AM May 18th via TweetDeck
Upcoming webinar from @johnbdickson bit.ly/JXFucj on Keeping Your Data Safe 8:18 AM May 18th via TweetDeck
@451wendy Hop on 35. You should be able to make it. 3:19 PM May 17th via TweetDeck in reply to 451wendy