• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

DevelopSec

  • Home
  • Podcast
  • Blog
  • Resources
  • About
  • Schedule a Call

secure design

June 7, 2018 by James Jardine Leave a Comment

Choosing Application Security Tools

There are lots of security tools available, so how do you know which one to pick? If your security team is not including the application teams in the decision, you run a big risk of failure. The security team does get the ability to form relationships with vendors. We see them at conferences. We know people that work there. Because our focus is on security, we know the tools that exist in our space and we have an idea of which ones may be better than others. Of course, this is often due to … [Read more...] about Choosing Application Security Tools

Filed Under: General Tagged With: application security, AppSec, awareness, dast, iast, owasp, pen testing, penetration testing, pentest, qa, sast, secure design, secure development, security, security testing, security training, testing, top 10, vendors

February 24, 2018 by James Jardine Leave a Comment

OWASP 2017 Changes

When I talk to people about application security, the most recognized topics is the OWASP Top 10. If you haven't heard of the top 10, or need a refresher, you can get the full list at: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf The OWASP Top 10 is on a three year update cycle. We had the list in 2010, 2013 and now the latest is 2017. You may be wondering why it is 2017 rather than 2016. I think that is a question a lot of people had. In any case, the list made it out … [Read more...] about OWASP 2017 Changes

Filed Under: General Tagged With: application security, AppSec, awareness, database, owasp, pen testing, penetration testing, pentest, qa, secure design, secure development, security, security testing, security training, testing, top 10

February 14, 2018 by James Jardine Leave a Comment

Two-Factor Authentication Considerations

There was a recent article talking about how a very small percentage of google users actually use 2-factor authentication. You can read the full article at http://www.theregister.co.uk/2018/01/17/no_one_uses_two_factor_authentication/ Why 2-Factor Two-factor authentication, or multi-factor authentication, is a valuable step in the process to protect accounts from unauthorized users. Traditionally, we have relied just on a username/password combination. That process had its own weaknesses that … [Read more...] about Two-Factor Authentication Considerations

Filed Under: General Tagged With: application security, AppSec, awareness, database, owasp, pen testing, penetration testing, pentest, qa, secure design, secure development, security, security testing, security training, testing, top 10

January 24, 2018 by James Jardine Leave a Comment

Tinder Mobile Take-Aways

While browsing through the news I noticed an article talking about the Tinder mobile app and a privacy concern. You can read the article at https://www.consumerreports.org/privacy/tinder-app-security-flaws-put-users-privacy-at-risk/. To summarize what is considered the issue is that the mobile application does not transmit the photos that you see using HTTPS. This means that anyone on the same connection can see the traffic and, ultimately, see the photos you are presented. From my … [Read more...] about Tinder Mobile Take-Aways

Filed Under: Take-Aways Tagged With: android, application security, AppSec, awareness, database, encryption, ios, mobile, mobile security, owasp, pen testing, penetration testing, pentest, privacy, qa, secure design, secure development, security, security testing, security training, testing, tinder, top 10

August 23, 2017 by James Jardine Leave a Comment

Understanding Your Application Platform

Building applications today includes the use of some pretty impressive platforms. These platforms have so much built in capability, many of the most common tasks are easily accomplished through simple method calls. As developers, we rely on these frameworks to provide a certain level of functionality. Much of which we may never even use. When it comes to security, the platform can be a love/hate relationship. On the one hand, developers may have little control over how the platform handles … [Read more...] about Understanding Your Application Platform

Filed Under: General Tagged With: application security, developer, developer training, development, secure design, secure development, security, security coding, security testing, testing

June 19, 2017 by James Jardine Leave a Comment

Validation: Client vs. Server

Years ago, I remember being on a technical interview phone call for a senior developer position. What stood out was when the interviewer asked me about performing input validation. The question was in regards to if validation should be on the client or the server. My answer: The server. What took me by surprise was when the response was that my answer was incorrect. In fact, I was told that Microsoft recommends performing validation on the client. This was inaccurate information, but I let it … [Read more...] about Validation: Client vs. Server

Filed Under: General Tagged With: application security, secure design, secure development, secure testing, security, security awareness

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to Next Page »

Primary Sidebar

Contact Us:

Contact us today to see how we can help.
Contact Us

Footer

Company Profile

Are you tackling the challenge to integrate security into the development process? Application security can be a complex task and often … Read More... about Home

Resources

Podcasts
DevelopSec
Down the Security Rabbithole (#DTSR)

Blogs
DevelopSec
Jardine Software

Engage With Us

  • Email
  • GitHub
  • Twitter
  • YouTube

Contact Us

DevelopSec
Email: james@developsec.com



Privacy Policy

© Copyright 2018 Developsec · All Rights Reserved