Sister CISA CISSP:

June, 2010

June 25, 2010  5:11 PM

A Freebie for Auditing Your Web Application for SQL flaws

Arian Eigen Heald

I ran across a mention of this tool in a SANS newsbite. Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL...

June 21, 2010  7:56 PM

SAS 70, SSAE 16, What’s in a Website Name?

Arian Eigen Heald

Some dozen websites have the words "SAS 70" as part, or all of, their domain name on the web. Given the departure of the SAS 70 audit by 2011, I commented recently that they must not be having any fun. An anonymous reader ("CPA") wrote in to chastise me, to wit: Does anyone think that......


June 18, 2010  9:16 PM

The SAS 70 is Going Away – But…

Arian Eigen Heald

It is being replaced (of course!) by the ever-so-easy to say acronym: SSAE 16. (Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization.) What a mouthful! In April of this year, the AICPA (American Institute of Certified Public...


June 14, 2010  3:42 PM

Where IS the Data, Exactly?

Arian Eigen Heald

After a nice vacation in the north woods of Maine, I returned to the excitement of my first "cloud computing" audit event. In doing a SAS 70 for a client, I discovered that they had outsourced a new application. No news there. When data is hosted by the provider, along with the application, all...

