June 07, 2018

Quick Tips for Building an Effective AppSec Program – Part 3

This is the last post in my series on creating an effective AppSec program within your organization. In my last post, we discussed the importance of t...

May 02, 2018

Quick Tips for Building an Effective AppSec Program – Part 2

In my last blog post, I talked about what an application security (AppSec) program is and how an organization would go about building a formal program...

April 11, 2018

Quick Tips for Building an Effective AppSec Program – Part 1

An application security (AppSec) program can be defined as the set of risk mitigating controls and business functions that support the discovery, reme...

April 20, 2017

Secure SDLC Lessons Learned: #5 Personnel

It’s no secret that finding and retaining dependable, well-trained application security professionals is a serious challenge, and has been for years. P...

April 14, 2017

Secure SDLC Lessons Learned: #4 Metrics

As the secure SDLC program matures, vulnerabilities should be caught and remediated earlier in the lifecycle. To know if the program is truly working,...

April 05, 2017

Secure SDLC Lessons Learned: #3 Knowledge Management

The term “knowledge management” (KM) refers to using vulnerability mining to turn remediation into lessons learned. Essentially this involves taking k...

March 22, 2017

Secure SDLC Lessons Learned: #2 Assessment Toolchain

Most organizations would agree that maintaining a fast, predictable flow of planned work (e.g. projects, scheduled changes) that achieves business goa...

March 14, 2017

Secure SDLC Lessons Learned: #1 Application Catalog

Building an application catalog is a critical step towards maintaining governance over a secure SDLC program. The primary purposes of the catalog are ...

August 14, 2012

SQL Injection and Reflected Content-Sniffing Attacks

Content sniffing is a subset of browser quirks that web application developers and security testers alike should be aware of. In a nutshell, content s...