Tech Blog

OWASP Top 10 Risks #2: Broken Authentication and Session Management

Posted by Max McCarty

Oct 22, 2014 2:54:55 PM

In 2013 over 34 million Americans reported some form of identity theft. Three quarters through 2014 there are already 568 reported data breaches, with over 75 million records compromised and hundreds of millions of users affected. This is up from the 439 breaches in 2013. Identity theft isn’t a possibility; it’s a reality that is happening all the time, and identity theft is at the core of the 2nd of OWASP’s top 10 most critical web security risks of 2013: Broken Authentication and Session Management.

Here we'll examine what broken authentication and session management looks like, and look at how to implement some common website features correctly.


Topics: authentication, security, OWASP

Admin Power Boost: Process Builder

Posted by Cindy Kester

Oct 21, 2014 10:49:01 PM

I had the pleasure of attending quite an amazing event, Dreamforce 2014.  Marc Benioff sure knows how to ‘WOW’ the crowd – I heard some fans even compare it to Woodstock.  The new feature I am most excited about is the Process Builder, a new workflow tool that will give Admins a power boost!

Interoperability and the Importance of Quality Process Supporting EHRs

Posted by Marcus Bruhn

Oct 16, 2014 10:10:00 AM

With healthcare’s continuing shift towards electronic health records (or EHRs), interoperability between systems and devices is a key driver for achieving successful communication between all parties in the healthcare environment. For patients, this means our health information must be available to anyone who may treat us, presented in a meaningful and value-driven manner. Implementing an EHR system, in many cases, can be a very complicated task which requires coordination between multiple disciplines inside healthcare. Although migrating to an electronic health system is a step forward to process optimization and efficiency, it can be a driver towards over-dependency and reliability for staff members in their everyday work.

Following the Ebola case at Texas Health, the Dallas hospital had initially stated that the hospital’s electronic health record had failed to admit Thomas Eric Duncan, an American unknowingly infected with the virus. During that time, Mr. Duncan’s health information was not passed along to other care providers via their EHR system. This caused physicians not to receive his travel history due to a “flawed” setup in its health record system. This was all later retracted by the hospital in a statement made by Texas Health Resources:

“We would like to clarify a point made in the statement released earlier in the week. As a standard part of the nursing process, the patient's travel history was documented and available to the full care team in the electronic health record (EHR), including within the physician’s workflow. There was no flaw in the EHR in the way the physician and nursing portions interacted related to this event.” 

The confusion as to the root-cause of the issue is an alarming example of the lack of visibility engineers and quality experts can come across in the processes of health systems. Delivering quality standards down to the design-level, for both data and workflows, is key to driving process improvement and optimization inside the constantly changing technology of a healthcare facility.


OWASP Top 10 Risks: #1: Injection

Posted by Max McCarty

Oct 13, 2014 9:42:43 AM

The term injection can encompass a large number of different variations such as SQL, XML, LDAP, HTML, CSS and Remote file injections (which is not an exhaustive list).  In the end, they all boil down to injecting a command in the guise of data, where the command is then executed with malicious results on the targeted system.  This is all a result of what the Open Web Application Security Project has identified as Injection Flaws.


Topics: security, .Net, OWASP

How Leonardo da Vinci would paint the Mona Lisa today

Posted by Phil Van Sickel

Oct 9, 2014 10:02:24 PM

A common illustration used in Agile training is the process an artist uses to paint a picture.  It illustrates the iterative and incremental approach agile teams use to properly build software.   I expect every scrum adherent has seen this visual.


Be Sure with Azure .NET - Azure Table Storage (Part 2)

Posted by Max McCarty

Sep 30, 2014 11:02:00 PM

For part 2 of a two-part series, we continue looking at Microsoft Azure's Table Storage service. If you're just joining us, you can catch up with Part 1 and learn about getting started with Table Storage, comparison to relational databases, as well as designing and persisting data to your tables.


Topics: microsoft, .Net, azure

Swarming, A Visual

Posted by Phil Van Sickel

Sep 27, 2014 10:56:00 AM

Swarming is an agile technique to increase team ownership of code and to produce flow.  The idea is that the entire team works on the same story at the same time.  For teams who are used to dividing and conquering the stories this is a significant culture change, yet it is an important one if you desire to progress in your agile maturity.


Topics: Agile and Development

Be Sure With Azure .NET – Azure Table Storage (Part 1)

Posted by Max McCarty

Sep 23, 2014 10:54:12 PM

This is the second article in an ongoing “Be Sure with Azure” series on Microsoft Azure features and services. You can check out the first in the series on Azure's Blob Storage. For this next article in the series, we are going to be looking at Microsoft Azure’s Table Storage service. I have decided to break it into two parts as we’ll be covering a lot.

Part 1 will involve working with NoSQL databases, the differences between relational databases, designing and creating your Azure Table as well as all the available operations for persisting data. 


Winter ‘15 Improvements : You Asked For It!

Posted by Dan Fowler

Sep 20, 2014 10:06:24 AM

This dialog happens all day, every day:


Salesforce API Access Changes for Connected Apps

Posted by Dan Fowler

Sep 18, 2014 10:53:00 PM

On September 10, 2014, Salesforce made a security change that may be affecting your users. If users have been reporting the following errors with their Salesforce 1 Mobile App (iOS and Android), Salesforce for Outlook, Connect for Outlook or Office and Chatter Desktop, then you will need to modify a Profile setting in your org:


Topics: salesforce
