Link to Security Journey Home Page
Blog
The Manifesto defines threat modeling as analyzing representations of a system to highlight security and privacy characteristics. Threat modeling is that, and much more. Threat modeling educates developers and testers about security from a different perspective than the OWASP Top 10 or an attacker-centric view.
Read Story
The software supply chain has gotten more attention than usual in the past months, as companies have disclosed issues resulting from flawed approaches to protecting the integrity of their software-based applications. The software supply chain is weakly held together, and most people have no idea just how fragile it is.
Read Story
The Zen of Python's source code is a string scrambled with Caesar’s cipher returned from a one-line iterator over an ASCII dictionary. Many coding languages today pay homage to it. Let's apply the Zen of Python to application security.
Read Story
Nothing forecasts the future of a programming language better than the epos of its community. For Python, one word dominates the discussions of the past few years: performance.
Read Story
Application security lists, like the CWE Top 25 and Owasp Top 10, help focus on specific weaknesses or vulnerabilities within your system. But, do you understand their approach to ranking? If not, can you really trust them? Some vulnerability list ranking methodologies bias one aspect of security over another, and some may not work with partially unknown vulnerabilities.
Read Story
As the complexity of applications increases, so does your reliance on open source and third-party software libraries. With the compounded usage of open source, an expansion of the attack surface is underway. The increased threat is evident in recent high-profile attacks targeting the software supply chain. These types of attacks threaten organizations indirectly by targeting third-party vendors that provide you with software. Can you vouch for the security state of every library in your Rails applications?
Read Story
