While things were a little quiet on the local blogging front this past week due to the awesomeness that is BlackHat, Richard Bejtlich, @rybolov and @geminisecurity came to the rescue with three excellent posts that discuss everything from the importance of sanitizing web apps to what we need in a CyberArmy.

As everyone slowly recuperates from BlackHat, expect a large influx of must-read posts about the event. If you’d like to catch most of these posts, be sure to follow us @grecs during the week.

#3 – The Real CyberArmy: In his post “The CyberArmy You Have…” @rybolov opens with the military saying, “[y]ou go to war with the army you have, not with the army you wish you had.” This is especially true for the US as it charges ahead with its national Cybersecurity strategy without having having the proper skill set or the proper leadership. While Cyberwar is a top skill to have, @rybolov notes that “the existing contractor skillset is based on procedural offerings,” and that, “[t]o be honest, I see lots of people with cybersecurity offerings, but what they really have is rebranded service offerings because the skills sets of the workforce haven’t changed.” As much as we might think that we have a CyberArmy that can handle anything, @rybolov makes the excellent point that we need to see the CyberArmy that we actually have. To learn more about the CyberArmy we have and what we can do to make it better, read @rybolov’s full post here.

#2 – FUD for Thought: In his guest post for fudsec.com (the fud comes from fear, uncertainty and doubt), security expert Richard Bejtlich talks about threat-centric thinking being on the rise. Bejtlich makes the excellent observation that over the past few years, there has been a shift in perspective when DoS attacks occur. It used to be that when a DoS attack occurred, people would ask “how did it happen?” Now, the primary concern when a DoS attack occurs is “who did it?” But is the shift from “how” to “who” good or counterproductive? You’ll just have to read the full post to find out; Bejtlich’s answer might surprise you.

#1 – Sanitize Those Apps: A few weeks ago we featured the @geminisecurity post “Sanitizing Input in Web Apps (Part 1).” We ranked it at number one to emphasize the importance of sanitizing input for the web (and anything else, for that matter). That’s why when @geminisecurity rolled out with part two of their “Sanitizing Web Apps” article, we knew that it needed to fill the number one slot again. Sanitizing input for web apps is one of the basic tenants for securing web apps. When we forget to sanitize input, or skip what might seem to be a rather minor step, we’re doing ourselves and users a huge disservice. It goes back to our motto of doing the basics and doing them well; it saves you, and everyone else, a lot of headache in the end. More than that though, it helps keep everyone safer. And at the end of the day, isn’t that what we all want? While we step off our soapbox, head over to @geminisecurity to read the full post.

Well, that’s all for this week. Expect some interesting BlackHat posts this upcoming week!

It’s time for one of our favorite posts of the week… the post where we get to spotlight some great bloggers who are involved in the local infosec community.

If you, or someone you know should be added to the list of bloggers we consider each week, please contact us or send us a tweet.

#3 – iPhone Apps: We’re always looking for good apps for the iPhone (especially with the release of 3.0) so luckily for us, @geminisecurity had a post that covered 4 of the best apps for the iPhone. But @geminisecurity didn’t just cover regular iPhone apps; no, they covered security apps for the iPhone, which is definitely needed if all the recent rumors swirling around Apple’s security are true. You can check out the full post for more information.

#2 – Security for a Million: Writer and speaker Richard Bejtlich posed an interesting question this week, asking what a black hat could do with a $1 million budget. But instead of just leaving it as a question, Bejtlich actually wrote out a tentative breakdown of what a black hat organization could do with a $1 million budget.  I’m not sure what was scarier; the fact that he created a potential financial plan for a black hat organization to follow, or that $1 million could go a lot further in a black hat organization than it could in most of the organizations we work for. Really makes you question how much money is wasted on unimportant things. Definitely read the post for yourself and let me know what you think.

#1 – Cyberwarfare and the Spanish Civil War: According to guest poster ian99 of the The Guerilla CISO, “Perhaps the most interesting model of development and Cyberwarfare activity today would be based on the pre-WW II example of the Spanish Civil War.” Tracing the historical origins of cyberwarfare, ian99′s post is like attending a ShmooCon talk and a history lesson all in one. Check out the full post here.

Well, that’s all for this week. Be sure to follow me @grecs during the week for more great posts from local bloggers.

o o o o o

Speaking of great local bloggers… we’re looking for some great guest bloggers to feature on NovaInfosecPortal. If you’re interested, feel free to contact us or send us a tweet.