Chris Eng

Chris Eng, vice president of research, is responsible for integrating security expertise into Veracode’s technology. In addition to helping define and prioritize the security feature set of the Veracode service, he consults frequently with customers to discuss and advance their application security initiatives. With over 15 years of experience in application security, Chris brings a wealth of practical expertise to Veracode.
Posts by Chris Eng

Guerrilla Guide to Interviewing: Application Security Edition

January 24, 2007

I've always been a fan of Joel Spolsky's Guerrilla Guide to Interviewing. Unfortunately, I've never been able to apply it in its purest form because in recent years, I've been hiring mostly application security consultants, not software engineers. However, the structure is still remarkably useful, with some modifications. So, without further ado, here's an example of how one... READ MORE

The Dangers of Hosting PDFs

January 4, 2007

[Update, 1/6/07: Google has implemented a workaround for this vulnerability on their servers, so the proof-of-concept links in this posting will no longer demonstrate the exploit] Cross-site scripting (XSS) just got a lot scarier. At the 23rd CCC, Stefano Di Paola and Giorgio Fedon announced a new attack vector which basically puts any site hosting a PDF file at risk for XSS. The attacker doesn't... READ MORE

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.

 

 

 

contact menu