Danny Harris

Danny Harris has been an information and application security practitioner for over 20 years. He is knowledgeable in all phases of the secure software development life cycle (SDLC) and is responsible for the creation and delivery of application security training and secure SDLC programs at Security Innovation. His previous teaching experience includes 7 years as an adjunct professor in the Computer Security and Forensic Investigation program at Wilbur Wright College and work as a security instructor for the SANS Institute. His areas of expertise include information security, security policy, metrics, application and network vulnerability assessments, real-time embedded systems programming, intrusion detection, and incident response.

Recent Posts

New York State has proposed new cybersecurity regulations, known as 23 NYCRR 500, that apply to financial services companies and go into effect on March 1, 2017. The new rules outline steps that financial services institutions...

Google paid over $1.2M in bug bounties to security researchers for reporting cross-site scripting (XSS) bugs in Google applications during the past 2 years. This fact is mentioned matter-of-factly in a blog article...

A CISO's Guide to Application Security

by Danny Harris on August 11, 2016 at 8:53 AM

CISO Executive Summary

Application security differs in a number of ways from IT security, Network Security, and Information Security, so standard solutions from those domains don’t necessarily address the challenges of...

A recent study by CloudPassage found that cybersecurity education is not a priority in undergraduate computer science and engineering programs at top American universities. Some of the study's key findings:

FTC Issues Sanctions for Insecure Software

by Danny Harris on February 26, 2016 at 1:03 PM

The Federal Trade Commission (FTC) released a press release that describes the sanctions applied to a company whose insecure software products impacted hundreds of thousands of consumers. The company makes routers for...

We’re familiar with the cliché, "If your only tool is a hammer, then every problem looks like a nail." Because software is so complex and there is no single solution to adequately conduct comprehensive software security...

The 2015 (ISC)2 Global Information Security Workforce Study captures something we know to be true, yet few surveys actually spell it out so clearly: application vulnerabilities (security defects) represent the top...

The new PCI DSS standard (v3.1) is effective immediately; v3.0 will be retired at the end of June 2015.

The Security-Compliance Challenge

by Danny Harris on March 24, 2015 at 3:57 PM

Any organization that has to meet compliance requirements faces a challenge: how to continuously meet (and even exceed) those requirements by implementing a robust information security program tailored to the...

In the early days of the Internet, the US government did not allow the export of strong encryption algorithms outside of the United States. Only weak encryption techniques were allowed for export, so-called “export-grade”...