Ideas and Opinions from the Trenches
There are lots of ways we can optimise what we do, through a data driven approach, but we need to be careful and use critical and creative thinking.
Tagged in: AppSec (4)
Software Engineering Security Culture
We need to fix the culture, from top to bottom in the software engineering industry. Here are just some of the issues as I see them and what we should be doing about them.
Threat Modeling Remotely with Miro and EoP
Threat modeling with teams is a process that requires visuals, interaction between team members and discussion and so lends itself to everyone being in a room together. This has been quite hard the last two years. It also doesnβt look to be getting any easier, so we should probably get used to it. Hereβs how Iβve been doing it with several teams.
Application Security is More than Just Pen Testing
So often organizations believe that Application Security stops at penetration testing and fixing vulnerabilities but it is more than that, penetration testing is the reactive side of things but you also need the proactive aspects of Application Security to reduce the flow.
Browse all Topics
- Accountability
- ANTLR
- Application Security
- AppSec
- Aritifical Intelligence
- Authentication
- Authorization
- Awareness
- CAPEC
- Centrality
- Certificates
- Clean House
- Compiler Compilers
- Compliance
- Culture
- Dependency Analysis
- Digital Signatures
- Elevation of Privilege
- English
- Framework Fixators
- Games
- Grammar
- Graph Analysis
- GSSCredential
- Hashing
- HttpClient
- HttpComponents
- Inner-Source
- IT Extremists
- Java
- JavaCC
- JavaScript
- JBoss
- JNDI Realm
- Kerberos
- Key Distribution Center
- languages
- LDAP
- Leadership
- learning
- Legislation
- Manners
- Miro
- Miroverse
- Mitre
- Motivation
- Origins
- Osteria
- OWASP
- Ownership
- PageRank
- Parser Generators
- PicketLink
- Posters
- Precision
- Programming Languages
- Public Key Cryptography
- Python
- Reachability
- Recall
- Responsibility
- Risk
- Running
- SAML
- SAST
- SCA
- Scrum Nazis
- Scrum Talibans
- Security
- Security by Design
- Social Engineering
- SSL
- SSO
- Strategy
- STRIDE
- Threat Modeling
- Threat Modelling
- TLS
- Tomcat
- Top 10
- TRIM
- Trustworthyness
- Vulnerability Management
- Wildfly