• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

DevelopSec

  • Home
  • Podcast
  • Blog
  • Resources
  • About
  • Schedule a Call

sdlc

November 15, 2019 by James Jardine Leave a Comment

Ep. 116: Chrome Retires XSS Auditor

Do you rely on the browser to protect your application from Cross-Site Scripting? Over the years, many of the popular browsers attempted to create these XSS filters to help reduce the risk of the vulnerability. Unfortunately, over the years we have seen a lot of bypasses to these filters. Chrome announced they are removing their XSS Auditor. Hear some of our thoughts on the changes. Listen to the Episode:   References https://www.chromium.org/developers/design-documents/xss-auditor … [Read more...] about Ep. 116: Chrome Retires XSS Auditor

Filed Under: Podcast Tagged With: application security, AppSec, cross site scripting, developer training, sdlc, secure code, secure development, secure sdlc, security awareness, training, xss

July 12, 2016 by James Jardine Leave a Comment

Application Security and Responsibility

Who is responsible for application security within your organization? While this is something I don't hear asked very often, when I look around the implied answer is the security team. This isn't just limited to application security either. Look at network security. Who, in your organization, is responsible for network security? From my experience, the answer is still the security group. But is that how it should be? Is there a better way? Security has spent a lot of effort to take and … [Read more...] about Application Security and Responsibility

Filed Under: General Tagged With: app sec, application owner, application security, developer, developer security, qa, sdlc, secure code, secure testing, testing

March 30, 2016 by James Jardine Leave a Comment

When One Testing Solution Isn’t Enough

Go to any conference, attend some webinars, or just do a search for application security testing solutions and you can quickly see the sheer number of solutions out there. As in every situation, there are some that are great and some that are not so great. With such great marketing, it is often very difficult to determine what is the best solution. All too often people are looking for that silver bullet. That one testing tool or pen testing company that will find everything. Unfortunately, … [Read more...] about When One Testing Solution Isn’t Enough

Filed Under: General Tagged With: awareness, development, SDL, SDL Development lifecycle, sdlc, secure code, security, security coding, security testing, testing

July 16, 2015 by James Jardine Leave a Comment

SDLC: Understanding your Roles

Application security should be on the mind of anyone that is part of the application design/build process. That means architects, developers, application owners, QA testers, business analysts and even end users. Everyone of these positions plays a role in the security of the applications. Depending on the organization, the roles can be quite different. You must understand the roles of these positions from a development perspective to really understand how they fit into the security aspect … [Read more...] about SDLC: Understanding your Roles

Filed Under: General Tagged With: application owner, baselines, business analysts, developer, development, qa, roles, sdlc, secure sdlc, security, security design, security training, training

June 1, 2015 by James Jardine Leave a Comment

Business Analysts and Product Managers: Security Roles

In a previous post I discussed how QA plays a critical role in the security of an application. As with QA and developers, the business analysts and product managers are also crucial to a successful security development lifecycle. Not to add any pressure, but it is these two roles that feed into the other groups for the security requirements. When designing an application the focus is usually placed on ensuring that the end user functionality, the functionality to solve a specific problem, … [Read more...] about Business Analysts and Product Managers: Security Roles

Filed Under: General Tagged With: Business analyst, business requirements, design, product manager, requirements, sdlc, security, software design, software testing, testing

March 13, 2015 by James Jardine Leave a Comment

Input Validation: Keep It Simple

Attackers take advantage of an application by manipulating the inputs to the system. For example, a first name field or even a request header like the user-agent. Applications wouldn't be very useful if they didn't accept any input from the end user. Unfortunately, this is the key attack vector. One of the basic techniques used to help protect a system is to us input validation, which assesses the input to determine if it is should be accepted. Many development groups have fought with the … [Read more...] about Input Validation: Keep It Simple

Filed Under: General Tagged With: developer, developer awareness, input validation, qa, sdlc, secure coding, secure development, security, security testing

Primary Sidebar

Contact Us:

Contact us today to see how we can help.
Contact Us

Footer

Company Profile

Are you tackling the challenge to integrate security into the development process? Application security can be a complex task and often … Read More... about Home

Resources

Podcasts
DevelopSec
Down the Security Rabbithole (#DTSR)

Blogs
DevelopSec
Jardine Software

Engage With Us

  • Email
  • GitHub
  • Twitter
  • YouTube

Contact Us

DevelopSec
Email: james@developsec.com



Privacy Policy

© Copyright 2018 Developsec · All Rights Reserved