Explore four different threat modeling methodologies—STRIDE, PASTA, Trike, VAST—and assess their strengths and weaknesses.
Note Web Deploy is typically not directly invoked at the command line, and is instead called by Visual Studio as a part of deployment using a GUI. It is poorly documented and not made to be user friendly on the command line. Better tools (e.g. Chef) exist for this type of work, and should be […]
Another week, another preventable, high-profile tech disaster. The Iowa Democratic Party used a mobile app to pull results from statewide precincts for the Iowa caucus. While there were many reasons why this application failed, the Democratic Party left it to “coding issues.” Anyone with any degree of experience can tell you this excuse really means they […]
When everything is agile, it can be difficult to stay productive. Changing requirements and priorities often necessitate task switching, which takes a toll on your concentration, accuracy, and efficiency. This gets more complicated when your schedule is also agile. The usual productivity tips apply best to those working in a typical office with typical hours. What […]
People tend to thrive in environments where they feel safe. Organizations often consider the physical safety of their individuals, but fewer consider the implications of intellectual and emotional safety in driving company success. Leaders have the opportunity to help engineer a generative culture, where team members feel safe, supported, and trusted to think creatively and innovate. […]
Scrum. Kanban. Lean. XP. SAFe. RUP. Scrum of Scrums. There are many frameworks available to organizations that are maturing their agile software development process. However, the use of some frameworks can help reinforce agile behaviors, while others can be degenerative and actually drive an organization to revert to more waterfall-like software development. The choice of […]
Artificial intelligence is one of the fastest growing fields in the technology world, but there’s still a lot of uncertainty surrounding what truly qualifies as AI, the different types of AI, and how quickly AI is advancing. First, it’s important to set a framework about what AI is. While there isn’t one accepted definition, most […]
Welcome to the second half of my two-part blog on Understanding Session Management. In part 1, we covered what session management is and started digging into some possible attack types associated with this vulnerability. Here we will continue to look into other associated attack types. 4. Cross-Site Request Forgery (CSRF) – Severity: High “Cross-Site Request […]
Session Management has always been one of the OWASP Top 10. Take a look at the two most recent OWASP Top 10s. Top 10, 2013: A2 – Broken Authentication and Session Management. Top 10, 2017: A2 – Broken Authentication. Under the description of A2 of Top 10, 2017, it says, “Application functions related to authentication […]
What is application security, or AppSec? Let’s talk about web application security first. OWASP was created in 2001 and has been known as the best community for web application security. Volumes of online resources for web application security defects, security testing, and security projects have been produced by OWASP. Yet web application security is only […]