• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

DevelopSec

  • Home
  • Podcast
  • Blog
  • Resources
  • About
  • Schedule a Call

application security

October 23, 2024 by James Jardine

Application Security Starts With IT

Building secure applications has to start with the IT department. We have fought the battle for far to long in trying to have a different group responsible for securing our applications. Whether you call it application security, product security, devsecops, or something else. It just doesn't work. These different groups can help in identifying and implementing some processes, but secure code starts with the development team. If we really want to start building more secure applications we have … [Read more...] about Application Security Starts With IT

Filed Under: General Tagged With: app sec, app testing, application security, product security, secure development, security testing

December 14, 2023 by James Jardine

Tips for hiring developers with security experience

In order to reduce the risk to our applications, we must start hiring resources that come in with some level of secure development knowledge. As a matter of fact, it shouldn't even be thought of as security knowledge, but just good development knowledge. Job Description The first question that pops up is around writing job descriptions. How much "security" should be in a job description for a developer role? Does it change from entry level engineer to a senior level engineer? I think there … [Read more...] about Tips for hiring developers with security experience

Filed Under: General Tagged With: application security, hiring, secure code, secure coding, secure developmlent, security

November 29, 2023 by James Jardine Leave a Comment

HTTPS Isn’t Just For Sensitive Info

When we think about HTTP vs. HTTPS, we often focus on the risk to sensitive information. HTTP transmits our data in clear-text, while HTTPS encrypts the data to stop people from snooping. But that is not all that HTTPS does. What about tampering? One of the other key aspects of HTTPS is to protect our communication with the server from tampering. In this case, we would be concerned with someone being able to manipulate the responses that are sent back to the user's browser. While no sensitive … [Read more...] about HTTPS Isn’t Just For Sensitive Info

Filed Under: General Tagged With: application security, AppSec, development, sdlc, secure development, security, security awareness, security testing, testing

June 27, 2023 by James Jardine

Technical Debt vs. New Dev

When it comes to application vulnerabilities, there are 2 common groups we might view them: Technical Debt and New Development.  I break these down because the way in which we address vulnerabilities is fundamentally different. Something that might not be exploitable receives a very low priority when it is technical debt. However, during new development, it can be addressed with little cost. Much of this comes down to if soemthing is syntactically insecure vs. actually vulnerable. Let’s look at … [Read more...] about Technical Debt vs. New Dev

Filed Under: General Tagged With: application security, AppSec, developer training, secure development, security, training

January 31, 2023 by James Jardine Leave a Comment

Ep. 120: Addressing Root Cause – Vulnerable Components

In this episode we talk about addressing the root cause of an issue versus the symptoms. How can the process of keeping application components updated be improved? For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Transcript: In this episode, James talks about root cause analysis versus treating … [Read more...] about Ep. 120: Addressing Root Cause – Vulnerable Components

Filed Under: Podcast Tagged With: application security, application security program, developsec, secure development, security, vulnerable components

March 24, 2022 by James Jardine

Input validation is less about specific vulnerabilities

Security takes a layered approach to reduce the risk to our organization. Input validation is the perfect example of one of these layers. In most cases, input validation is 1 factor in a multi-pronged approach to protecting against common vulnerabilities. Take any course on secure development and they will, or should, mention input validation as a mitigating control for so many vulnerabilities. You might notice that it always comes with a but. Use input validation, but also use output … [Read more...] about Input validation is less about specific vulnerabilities

Filed Under: General Tagged With: app sec, applicaiton security, application security, developer security, developer training, input validation, qa, qa security, quality assurance, secure code

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Interim pages omitted …
  • Go to page 13
  • Go to Next Page »

Primary Sidebar

Contact Us:

Contact us today to see how we can help.
Contact Us

Footer

Company Profile

Are you tackling the challenge to integrate security into the development process? Application security can be a complex task and often … Read More... about Home

Resources

Podcasts
DevelopSec
Down the Security Rabbithole (#DTSR)

Blogs
DevelopSec
Jardine Software

Engage With Us

  • Email
  • GitHub
  • Twitter
  • YouTube

Contact Us

DevelopSec
Email: james@developsec.com



Privacy Policy

© Copyright 2018 Developsec · All Rights Reserved