Comments on Jeremiah Grossman: WebAppSec Twilight Zone
Blog author: Jeremiah Grossman (http://www.blogger.com/profile/05017778127841311186)
Feed updated: 2024-02-08T03:44:23.780-08:00
Comments: 12

Jeremiah Grossman, 2007-07-21T22:49:00.000-07:00:

But Apple WAS first! ;) j/k

yah, I hear ya. I just get touchy on that particular subject because we took a lot of flack when we first introduced the SaaS model to webappsec VA. Everyone from the VCs, competitors, analysts, experts, consultants, ....heck even customers... said it would NEVER work.

Now everyone is jumping in... which I think is cool actually... and we're proud of the pioneering we've done. But what I don't like is people (marketers especially) attempting to rewrite the history since we earned it the hard way. However, I think the point you are trying to make is that everyone should be focused on making something GREAT, rather than worrying about first-ness. I whole-heartedly agree.

Anonymous, 2007-07-21T10:00:00.000-07:00:

Hey, it's marketing. That stuff is never accurate. They always pretend to be the first at everything. Some kind of weird cultural obsession with first-ness. Apple is a good example of a company that doesn't care about firsts, just better engineering/design.

Perhaps Google built a system rather than bought because they needed something for their answers team to do? Or maybe they just did not want someone who does not stand in their cafeteria line knowing anything about their dirty laundry? They don't have anyone in charge of security so you really can't say it was part of a clear direction.

Jeremiah Grossman, 2007-07-20T21:57:00.000-07:00:

ahaha, nice catch MustLive. Can't believe I missed that! Title changed, the URL.. don't know how to do that in blogger.

Anonymous, 2007-07-20T17:51:00.000-07:00:

Jeremiah, nice post.

But you need to fix title (and maybe url also).

Because your "twlight" zone, not so twilight ;-).

Jeremiah Grossman, 2007-07-20T14:43:00.000-07:00:

Hey James, yah, that could be. Google might have wanted to give it a shot because of the sheer challenge. I can see that happening from their guys over there, but have no real idea one way or the other. I would highly doubt that IBM or HP might have outbid Google for something it wanted. :)

Normally, I'm pretty open about what's going on here at WhiteHat and how we do things. On the topic of acquisition, I have no choice but to say "no comment". It would not be in the best interest of our company, shareholders, and the acquirer otherwise.

Anonymous, 2007-07-20T13:38:00.000-07:00:

Or, it could be that Google had people in house that wanted to build one. They definitely have the brain power in house and maybe IBM scooped them on Watchfire and HP on SPI... It is good to see the big dogs getting into the space.

But, Jeremiah, honestly tell us if Google tried to pick up WhiteHat?

Jeremiah Grossman, 2007-07-19T07:22:00.000-07:00:

Oh I'll fully stand behind Sentinel's uniqueness, but that marketing snippet only describes a 10,000 ft view of the service. To dig into the details one would need to read "How Sentinel Works" (http://www.whitehatsec.com/home/sentinel/howitworks.html). There is some cool stuff in there like vulnerability verification, new functionality detection, custom testing, etc.

Think of custom testing like creating a script for every manual test an expert might try during an assessment. The benefit being they can be performed automatically with each successive scan.

Anonymous, 2007-07-18T23:36:00.000-07:00:

Let me see...

"WhiteHat Sentinel employs a unique approach to website vulnerability management: We probe and test your application the same way a valid user or potential attacker would – by going to the designated host name, possibly logging in, and then mapping out and testing the Web-application functionality that we find."

What can I say, that's a very unique approach to a web application security assessment.

:-)

In the 21st century, you can't avoid marketing.

Jeremiah Grossman, 2007-07-18T20:33:00.000-07:00:

Fair enough, but it wasn't until 2005 that Watchfire added "security" to the managed service.

http://www.watchfire.com/news/releases/1-31-05.aspx

Claiming uniqueness in something WhiteHat had already been offering for nearly 2 years.

"WebXM 4.0 is the only enterprise-scale platform capable of identifying and reporting web application security vulnerabilities, one of the fastest-growing problems facing global organizations."

But then again, who could blame marketing for not being informed.

Anonymous, 2007-07-18T06:50:00.000-07:00:

Jeremiah,

Watchfire has been offering a managed service since 2002:

http://www.watchfire.com/news/releases/8-22-02.aspx

Jeremiah Grossman, 2007-07-17T17:17:00.000-07:00:

AHAHAH!

Google sneezes and 50 million comes out... man... with them I guess anything could happen. Fortunately I'm no analyst. :)

Anonymous, 2007-07-17T17:13:00.000-07:00:

Ummm...I...er...

Hey, I did say you were my interview "victim," didn't I. You will be happy to know that you represent the majority opinion on this matter, however misguided that may be... ;)

You know I love you, man. Besides, my aikido skills aren't what they used to be.

/Hoff