His first can was posted a couple years ago (click here to see the first one)

There are solutions to help you land on these known bad sites, such as google safe browsing for firefox. Now keep in mind, as brought up in my last post… be extra careful about where you stick your cell phone

Full show notes can be found at The Information Security Place site

These same users are paranoids on their desktop, with anti-virus/malware tools, browser plugins like noscript and so forth. They “know” about security, but something about smartphones turn off this logic and safe browsing practices go out the window.

From what I can see most malware these days are delivered via web browser attacks and email. Its only a matter of time for the web and email attacks to be targetted at your smartphone. A device that has firmware that rarely if ever will be updated once a security problem is found. Its fertile ground… be aware.

Heres a brief article bring up the same issue http://www.securitypronews.com/insiderreports/insider/spn-49-20090819SmartphoneUsersTakeWebThreatsLightly.html

I am starting an effort to have a show posted every 2 weeks, with hopes for a Hands On Series every 2 months.

I will also be joining the An Information Security Place podcast as well. They do a podcast about general information security and I will be the resident webappsec expert to comment on those topics. This post is going to link to that episode 22 of the An Information Security Place podcast. I will not be normally doing this, but am doing it this week to get things rolling.

• My work schedule is now setup to allow me to be more active in the community again, which means I can now get podPress dev and my Podcast going again.
• Tons of people keep bugging me for updates, and I have appreciated every one of them
• And special thanks to the new sponsor for giving me the final push that was needed to get going on development again.

The report is intesting on many fronts, one of which is the fact that the tool I help build at NT OBJECTives came out on top, but also because its the first type of review thats looking at a statistic that really compares scanners in a quantifiable way.

Some comment on the site from users of the other products or from the vendors themselves have made the claim that web scanners are not designed to be “point and shoot” as they say, and that a human should be training the scanner to each web app. I think they are doing users a disservice to work from that assumption.

A scanner should do as much as it can on its own, and let humans do their own pen testing, and/or help point pen testers to areas of interest. If your a organization with hundreds or thousands of web apps that need testing, do you really have the man power to teach your “automated web scanner” how to test each of those apps?

Do you really have time to spend clinking on every link, and filling out every form on a website with some 3000+ pages, or do you want the scanner that does the best job of doing all of this for you?

Theres still a few tiny features I want to add in, but its in good shape, and I need sleep so I can run off to the Podcast Expo in a few hours.

UPDATE – Bug in this version… of course, so hang on for next release due out in a few hours