AppSec Blog

DevOps is Killing Maintenance. Let's Celebrate.

DevOps probably isn't killing developers. But it is changing how people think about development - from running projects to a focus on building and running services. And more importantly, DevOps is killing maintenance, or sustaining engineering, or whatever managers want to call it. And that's something that we should all celebrate. High-bandwidth collaboration and rapid … Continue reading DevOps is Killing Maintenance. Let's Celebrate.


Secure Software Development Lifecycle Overview

In a previous post, we received a question asking, "what is a secure software development lifecycle"? This is an excellent question, and one that I receive quite often from organizations during an application security assessment. Let's quickly review the Software Development Lifecycle, also known as the SDLC. The goal of an SDLC is to provide … Continue reading Secure Software Development Lifecycle Overview


Clickjacking: Help, I Was Framed!

Security researchers discovered and disclosed the Clickjacking attack (also known as a "UI Redress Attack") back in 2008. All major browsers were affected. Flash even had an interesting vulnerability that allowed control of a user's microphone and webcam. Yet, here we are 7 years later still citing this issue on nearly every security assessment of … Continue reading Clickjacking: Help, I Was Framed!


Developer Security Awareness: How To Measure

In the previous post (What Topics To Cover), we laid the foundation for your developer security awareness-training program. Now let's talk about the metrics we can collect to help improve our program. It's all about the metrics As we previously mentioned, establishing a common baseline for the entire development team would be helpful. A comprehensive … Continue reading Developer Security Awareness: How To Measure


Developer Security Awareness: What Topics To Cover

In our last post (Is Security Your Top Priority), we discussed improving the security of our organizations with security awareness training for development teams. Now let's talk about the security training we should provide. What Topics To Cover All team members have different knowledge levels of the various threats facing our applications. Some have received … Continue reading Developer Security Awareness: What Topics To Cover