Software Integrity Blog

Author Archive

Zack Allen


Zack Allen is an associate managing consultant at Synopsys. Zack comes from a security governance background and has been a CISA since 2009 and a CISSP since 2010. Prior to Synopsys, Zack spent 5 years as an Information Security Officer for SunTrust Banks. During his time with Synopsys, he has worked with clients to provide developers with remediation guidance, and he has assisted architecture teams with designing secure architectures for migrating applications to the cloud. Zack also teaches several of Synopsys' Instructor Led Training (ILT) courses from fundamentals to defensive programming to secure design. In his "spare" time, he practices Brazilian Jiu Jitsu and tries his best to raise his two young children.

Posts by Zack Allen:


3 reasons why the most common OWASP risks are STILL on the list after 10 years

In 2016, OWASP will publish the fifth iteration of the OWASP Top 10. First released in 2004, the OWASP Top 10 is a popular enumeration of the 10 most important web application security vulnerabilities as determined by severity as well as real world prevalence. As we await publication of this latest version, we can’t help but ask ourselves, “if the world’s most popular list of web application security vulnerabilities clearly shows what we should worry about and focus our efforts towards, why do the same issues continue to appear year after year?”

Ignoring the past

On July 1, 1940, the Tacoma Narrows Bridge first opened, connecting Tacoma to Kitsap County. It was the third longest suspension bridge in the world at the time (behind only the Golden Gate Bridge and George Washington Bridge). But, on November 7, barely four months after it opened, it collapsed into the Puget Sound. The reason for the collapse was mechanical resonance; the wind in the Puget Sound on that day just happened to provide an external periodic frequency that matched the bridge’s natural structural frequency.


Posted in Software Architecture and Design