This is somewhat dated, but so what? Most of the points raised are still valid.
CIO/CSO: “I just went to a very important luncheon meeting. First, they bought me steak, then they showed me PowerPoint about this new security list, then we got to watch STAR WARS! I want our websites to be OWASP Top Ten certified by the end of the week!”
… and it goes on with the sad-but-true
Consultant: “Hello, I just completed CISSP boot camp. I am here to run OWASP Top Ten security scanning software and install a web application firewall! Cookies?
Sorry, I’m diabetic.”
Speaking of which:
Dilbert: “Maybe we should first start with password protecting the website? Or fixing our expired SSL certificate?”
How true; how poignant! And we all know the response to that:
Seriously, though: a while ago I read an article suggesting that how you title your posts or blogs is very important. It used examples from magazines such as Cosmopolitan to illustrate that: titles like “The top 10 ways …”, “10 things you should know” and suchlike were going to attract more readers.
Well heck, who wants to read an article titled:
“Six and a half ways to secure your web site”.
Maybe those into reverse psychology?
But please, do fix those expired SSL certificates.