John Montesi

John is a B2B and SaaS expert who likes to explain complex concepts using cute animals and cocktail napkins. He believes that content marketing is the future and sometimes ghost writes, but he can never prove it.
Posts by John Montesi

The U2 Debut Scandal, Automatic Updates and You

November 7, 2014

Many of us in the tech world watched the iPhone 6 and iOS 8 debut a couple of weeks ago, eager to see what Tim Cook could cook up and which new features and functions would soon render last-generation iPhones obsolete. At the same time, those in the music world were shocked by U2's surprise announcement that the band was also dropping its new album, Songs of Innocence. Those who use any... READ MORE

Agile Scrum Methodology Is the No-Huddle Offense of Software

October 29, 2014

Agile is beyond a buzzword at this point — it's a way of life. And Agile Scrum methodology is getting there, but its frenetic pace and hyperspecialization of tasks is still novel to many companies. With Agile Scrum's recent advent and rapid gain in popularity, security teams are scrambling to catch up with developers. Not only does this no-huddle offense leave little time to talk... READ MORE

Only You Can Prevent an XSS Attack — Here's How

October 27, 2014  | Secure Development

The only thing worse than guys spouting industry buzzwords at random is guys spouting negative industry buzzwords at random. For every mention of "disruption" and the "Internet of Things," there's also a reference to an "XSS attack" or "Heartbleed" or some other common cybersecurity threat. Despite how common... READ MORE

Penetration Testing Doesn't Have to Feel Like Rabbit Farming

October 24, 2014

About half of all business Web apps developed in the last 15 years are Java-based. This makes Java an obvious target for hackers since it contains so many potential targets, and penetration testing is often skipped in favor of patchwork security solutions. Because much of today's background Java code is derived from crowdsourced code libraries, developers often trust that their code is safe... READ MORE

Monetary Authority of Singapore (MAS) Compliance: As Easy as Chewing Gum and Walking

October 23, 2014  | Security News

Singapore is famous for its balmy weather, insanely clean streets — and maximum-security banks. The dark side of such a utopia is an overwhelming set of rules and regulations that can quickly become disastrous for tourists. The half-joke about visiting Singapore, chewing gum, and never leaving has a little too much truth to be funny. But I digress.... READ MORE

The OCC Returns: New Merchant Processing Rules

October 8, 2014

When your industry builds software or handles money electronically, standards are perhaps best filed under the "necessary evil" banner: No matter how out of touch they may seem — or what a pain they may be to people on the back end — they're created to help end users who put the money there to begin with, and that makes them worth following. Which is why the recent... READ MORE

To Customers, Security Compliance Is Cool — Take It from Dr. Evil

October 6, 2014

So, you're thinking about upgrading your security program? What's stopping you? Not only could you be getting hacked as you read this, but your security compliance could be selling your product to customers who are considering purchases. Many companies still aren't compliant with the PCI Security Standards Council's latest standards in Web app security, including 42 percent of... READ MORE
