June, 2010


June 25, 2010  5:11 PM

A Freebie for Auditing Your Web Application for SQL flaws

Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database security, free tools, SQL Injection

I ran across a mention of this tool in a SANS newsbite. Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL...

June 21, 2010  7:56 PM

SAS 70, SSAE 16, What’s in a Website Name?

Posted by: Arian Eigen Heald
Admins and Auditors, IT audit

Some dozen websites have the words "SAS 70" as part, or all of, their domain name on the web. Given the departure of the SAS 70 audit by 2011, I commented recently that they must not be having any fun. An anonymous reader ("CPA") wrote in to chastise me, to wit: Does anyone think that......

June 18, 2010  9:16 PM

The SAS 70 is Going Away – But…

Posted by: Arian Eigen Heald
Admins and Auditors, IT audit

It is being replaced (of course!) by the ever-so-easy to say acronym: SSAE 16. (Statement on Standards for Attestation Engagements No. 16, Reporting on Controls at a Service Organization.) What a mouthful! In April of this year, the AICPA (American Institute of Certified Public...

June 14, 2010  3:42 PM

Where IS the Data, Exactly?

Posted by: Arian Eigen Heald
Adventures in Auditing, cloud computing, Cloud Security, data security

After a nice vacation in the north woods of Maine, I returned to the excitement of my first "cloud computing" audit event. In doing a SAS 70 for a client, I discovered that they had outsourced a new application. No news there. When data is hosted by the provider, along with the application, all...

