Entries by Brad Johnson

Network Security Tools and Their Limitations

There are lots of tools that you can use to help analyze and profile the networked resources you have. There are web scanners like Nikto, WebScarab, and WebInspect; vulnerability scanners like Nessus and ISS; and intrusion detection systems like Snort. There are packet sniffers like Wireshark (formerly Ethereal) and tcpdump. There are specialty programs like […]

Payment Card Industry: Compliance Overview

The Payment Card Industry (PCI) has decided that organizations that transmit, store, or process credit card data, in particular the Primary Account Number (PAN), must be compliant with the PCI Data Security Standard (PCI-DSS). Once you start using payment card data, compliance is mandatory, all-encompassing, and immediate. The mandate for PCI-DSS compliance has been […]

Why is this so hard?

We all know that there is a lot of pressure on companies to offer new or upgraded services over the Internet. We also know that a lot of this pressure funnels to the development groups that are tasked with quickly (usually, too quickly) releasing functionality that the masses can consume. The fact is, exploiting security […]

New OWASP Top 10 Web Application List

The Open Web Application Security Project (OWASP) has updated its Top 10 list of security issues that plague (Internet) web applications. The original version came out in 2004, and through the hard efforts of many members and non-members of the OWASP community, the list has been updated to be more consistent as well as more reflective […]


Welcome to my SystemExperts Network Security & Thought Leadership Blog! Here I will periodically post my thoughts on interesting things that are going on in the Internet that relate to security. My plan is to post an entry at least once a month and then let you, the blog's readers, provide your comments on it. […]