John Montesi

John is a B2B and SaaS expert who likes to explain complex concepts using cute animals and cocktail napkins. He believes that content marketing is the future and sometimes ghost writes, but he can never prove it.
Posts by John Montesi

Your Application Security Program: Flawless Logic for Big Savings

February 5, 2015

It's no secret: There are hidden cost savings in most AppSec programs that go well beyond risk avoidance. But for CISOs, the trick is conveying those business propositions to executives who are driven by the bottom line and don't want to pay for intangibles. In a Veracode webinar, Sean Owens and Phil Neray demystify these hidden returns on investment (ROIs) that can be hard to explain to...

Measure Twice, Cut Once: How to Avoid and Overcome Technical Debt

January 30, 2015

The first time I heard the term "technical debt," I thought it had something to do with buying 45 Nintendo Game Boy Color consoles on credit the day before the Nintendo DS came out. And while I certainly associated the right sentiment (shortsightedness, to be exact) with the term, I was way out of the ballpark. But the list of terms surrounding agile is growing, and fast — so fast...

When It Comes to Third-Party Software, It's Not the Size — It's the Motion

January 21, 2015

You've likely heard the phrase, "Size matters." And you've probably heard, "It's not the size of the dog in the fight; it's the size of the fight in the dog," too. Whether you believe Cosmo or Twain is up to you, but one thing is certain: The democratization of the internet means small shops and major commercial developers alike can deliver third-party software...

Apple Mobile Payments: Should You Pioneer or Play It Safe?

January 14, 2015

We've known for a long time that we'd someday be able to pay for things using our smartphones, ditching those dated plastic credit cards and clunky wallets for good. And it seems that day is right around the corner: Apple Pay is now accepted at a growing number of retailers — and with Square moving to enable near-field communication (NFC) payments for all its customers, the number...

Don't Let Credit Card Hacking Happen to You!

January 9, 2015  | Security News

In recent weeks, both Kmart and Staples have been victims of credit card hacking. This isn't the first time a major retailer has been attacked in such a way: According to the New York Times, Kmart and Staples have joined the ranks of Target, Home Depot, Sally Beauty Supply, the United Parcel Service, Dairy Queen and countless other retail stores and restaurants that "have had their in-...

5 Flaws a Secure Agile Development Process Can Help You Avoid

December 22, 2014  | Secure Development

You know what they say: "Measure twice, cut once." But no matter how often code is considered, measured or tested, there will be problems developers simply forget to account for. It's easy to assume that pulling an API from a trusted site like Facebook means you'll be safe, but, well, you know what happens when you assume. Before you start developing your next product, identify...

Web Application Security Testing: Why the Utilities Industry Can't Afford a Security Blackout

December 16, 2014  | Security News

Web applications are surprisingly vulnerable to malicious attacks. No longer is the biggest threat to your safety an alleged, long-lost Nigerian uncle who needs all your bank account information so he can wire you a million dollars. Instead, an arsenal comprising parasitic apps, keyloggers, SQL injection and incredibly well-designed XSS shadow sites and emails is available to those who wish to...

OCC Compliance and Financial Institutions: A Look Into the Crystal Ball

December 5, 2014

As goes the world, so goes banking. With everything else that's possible via technology today, there's no reason we shouldn't be able to deposit checks with our smartphones, complete online transactions with bank-enabled checkout systems or move money between bank accounts online. So we can. This creates major headaches for banks and their regulators. Every layer of accessibility is...

It's Snappening: What the Snapchat Hack Teaches Us about Third-Party AppSec

November 26, 2014

Snapchat: This love-it-or-hate-it app, famous for turning down 3 billion of Facebook's dollars and infamous for being the easiest way yet to send risque photos, is in an interesting place. It's theoretically worth a lot, it's on almost everyone's phone, and it has virtually no infrastructure. The company seems to embrace glitches, flaunting its kitschy (or just downright bad)...

International Cybersecurity Threats: Don't Fear the Distant Tighty-Whities

November 19, 2014

Unlike national security threats, cybersecurity threats are much harder to track. There is no Jack Bauer hunting down imminent threats, no single organization providing us with lists of places we can and can't go, and no oceans separating hackers from hackees. As the Internet becomes more and more globalized, security regulations can't keep up — which means the responsibility falls...
