Trying to prove an app has no vulnerabilities is fraught with challenges, so teams need to choose appropriate strategies for securing apps and ways of measuring whether the time and money spent searching for vulnerabilities is effective. This means understanding how metrics apply to your specific environment.
Mike Shema is VP of Security at Cobalt.io. Mike's experience with information security includes managing product security teams, building web application scanners, and consulting across a range of information security topics, but that’s for work. For fun he writes books and blog posts about information security, with an infusion of references to music, sci-fi, and horror to keep the topics entertaining. His books include Anti-Hacker Tool Kit and Hacking Web Apps. He has taught hacking classes and presented research at conferences around the world. Passionate about this fascinating topic, he can also be followed on Twitter.