Following the Wh1t3 Rabbit - Practical Enterprise Security

Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business, and the ever-present, ever-evolving threats to that business. At the same time – all too often we security professionals get caught up in “shiny object syndrome” which leads us to spend poorly, allocate resources unwisely, and generally de-couple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond the tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems, strategic thinkers are the key.

Rafal (Principal, Strategic Security Services)

Attention App Sec Professionals in Ottawa and Montreal, Canada!

... we've got a workshop coming to Ottawa and Montreal coming in September. You read it right... I'll be up in Ottawa, CA on Sept. 22nd, and Montreal, CA on Sept. 23rd giving 2 feature-packed workshops that you can't afford to miss if you have a stake in the web application security space. I've included some of the details below, obviously please contact me or Luc Laforest (see below) directly to get going and sign up... hope to see you there!

Are you interested in Web Application Security? Have you ever wondered how the "black hats" break into web applications so easily? These topics and more will be covered when we take a trip down the rabbit hole, and dig deep into the many sides of web application security. We'll cover everything from attack methodology, security best-practices, defense in-depth, and yes... some real-world hacking! I will also talk you through building a holistic web application security program with tips from real-world successes aimed at helping you accomplish your goals.  Come join us, bring your questions, concerns and curiosity - you won't be disappointed!

  • Latest hacking techniques from "the real world"

  • News, commentary and Information from the world of web application security

  • Defensive coding techniques to avoid being tomorrow's news

  • Business-level thinking on building a holistic web application security program

  • Benefits of integrated security tools as part of a complete SDLC

Send an email to Luc Laforest ( with the date you'd like to attend, and some of your business-card information and we'll get you signed up! These events are at NO COST to you, zero, zip, zilch, nada, niet, nic.

Security professionals, developers, IT managers responsible for web applications and IT Security professionals.  Basically - if you have an interest in securing web applications, you need to be here. 


September 22nd, 2008
Hotel Indigo Ottawa
Indigo Room
123 Metcalfe Street, Ottawa, ON K1P 5L9
Lunch and Registration 12:00-12:30
Presentation 12:30-2:00
Break 2:00-2:15
Presentation 2:15-3:30
Q & A 3:30-4:00

September 23rd, 2008
Hotel Place D'Armes
St. Jaques Room
55 St-Jacques Street
West Old Montreal, Quebec H2Y 3X2
Breakfast and Registration 8:30-9:00am
Presentation 9:00-10:15am
Break 10:15-10:30am
Presentation 10:30-11:30am
Q & A 11:30-12:00

About the Author(s)
Follow Us
Twitter Stream

Community Announcements
HP Blog

Technical Support Services Blog

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation