3% That's about how much developers care about security. Starting last year I made a concerted effort to speak at developer conferences. The idea was to go directly to people who write actual code and help spread the word about application security. By speaking at technical conferences that appeal to top developers the goal was … Continue reading How much do developers care about security?
Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). He has helped improve software security at some of the world's most security-sensitive organizations in financial services, software, ecommerce, healthcare, telecom and other industries. Rohit has built and taught SANS courses on Secure J2EE development. He has spoken and … Continue reading Ask the Expert - Rohit Sethi
My brain's on fire about devops, having just got back from Devopsdays. Devops is starting to have the same kind of impact on application and system operations as Agile has had on software development. Although only a small number of people at a few companies are really doing devops, it is getting a lot of … Continue reading What Appsec can learn from Devops
When a development team first starts to take application security seriously, they'll end up with a list (probably a long list) of security bugs. It's useful to look at security bugs in different ways.
Design Flaws vs. Implementation Bugs
The first is to ask where each bug comes from - is it an architectural or … Continue reading Different ways of looking at security bugs
Nick Galbreath is director of engineering at Etsy, overseeing groups handling fraud, security, authentication and internal tools. Over the last 18 years, Nick has held leadership positions at a number of social and e-commerce companies, including Right Media, UPromise, Friendster, and Open Market, and has consulted for many more. He is the author of "Cryptography … Continue reading Ask the Expert - Nick Galbreath