VeriSign sells its PKI/SSL business to Symantec
Quick. What’s the first thing you think of when you hear the name “VeriSign?” Right, SSL and digital certificates.
VeriSign sold off its Authentication Services business to Symantec and is apparently now focusing on its network infrastructure and domain registrar businesses. For me, it’s weird to think of VeriSign without the PKI aspect. It’s also incongruent to have a PKI-related name like “VeriSign” mean anything but PKI now. Good thing they’re already an established company, I guess.
Frankly, I don’t know why I felt compelled to write about this other than it seems so humorous to me. The best part, though, is that selling to Symantec “delivers on [the] request” of its customers to have their “offerings integrated into a larger services suite.” Puh-leeze. I’m thinking it was Symantec’s cool $1.3B that REALLY delivered.
Learning how to write secure web apps
If you write web applications you owe it to yourself, your company, and your users to have some knowledge of the exploitation techniques that will be used against it. Knowing the techniques helps you write more secure code.
The obvious way to learn about such things is to read books or security web sites. The more interesting (OK, fun!) way of doing it is to actually perform the exploits against against a purposefully insecure web application that’s built to be hacked.
OWASP has had such an application for years. WebGoat is an insecure J2EE application that provides lessons on how to exploit the weaknesses. I tried this awhile ago and it’s really eye-opening from a non-hacking developer’s perspective.
Google has just created a similar application called Jarlsberg. Jarlsberg runs on Google’s AppEngine and is written in Python. However, language choice doesn’t matter much when it comes to security vulnerabilities in web applications. Like WebGoat, Jarlsberg teaches you how to perform the exploits in a series of hands-on lessons.
I haven’t tried Jarlsberg yet but it’s on my list of things to do.