• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

DevelopSec

  • Home
  • Podcast
  • Blog
  • Resources
  • About
  • Schedule a Call

security training

June 26, 2018 by James Jardine Leave a Comment

Overview of Web Security Policies

A vulnerability was just identified in your website. How would you know? The process of vulnerability disclosure to an organization is often very difficult to identify. Whether you are offering any type of bounty for security bugs or not, it is important that there is a clear path for someone to notify you of a potential concern. Unfortunately, the process is different on every application and it can be very difficult to find it. For someone that is just trying to help out, it can be very … [Read more...] about Overview of Web Security Policies

Filed Under: General Tagged With: application security, developer, researcher, secure development, secure software, secure testing, security research, security training, security.txt, white hat

June 7, 2018 by James Jardine Leave a Comment

Choosing Application Security Tools

There are lots of security tools available, so how do you know which one to pick? If your security team is not including the application teams in the decision, you run a big risk of failure. The security team does get the ability to form relationships with vendors. We see them at conferences. We know people that work there. Because our focus is on security, we know the tools that exist in our space and we have an idea of which ones may be better than others. Of course, this is often due to … [Read more...] about Choosing Application Security Tools

Filed Under: General Tagged With: application security, AppSec, awareness, dast, iast, owasp, pen testing, penetration testing, pentest, qa, sast, secure design, secure development, security, security testing, security training, testing, top 10, vendors

February 24, 2018 by James Jardine Leave a Comment

OWASP 2017 Changes

When I talk to people about application security, the most recognized topics is the OWASP Top 10. If you haven't heard of the top 10, or need a refresher, you can get the full list at: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf The OWASP Top 10 is on a three year update cycle. We had the list in 2010, 2013 and now the latest is 2017. You may be wondering why it is 2017 rather than 2016. I think that is a question a lot of people had. In any case, the list made it out … [Read more...] about OWASP 2017 Changes

Filed Under: General Tagged With: application security, AppSec, awareness, database, owasp, pen testing, penetration testing, pentest, qa, secure design, secure development, security, security testing, security training, testing, top 10

February 14, 2018 by James Jardine Leave a Comment

Two-Factor Authentication Considerations

There was a recent article talking about how a very small percentage of google users actually use 2-factor authentication. You can read the full article at http://www.theregister.co.uk/2018/01/17/no_one_uses_two_factor_authentication/ Why 2-Factor Two-factor authentication, or multi-factor authentication, is a valuable step in the process to protect accounts from unauthorized users. Traditionally, we have relied just on a username/password combination. That process had its own weaknesses that … [Read more...] about Two-Factor Authentication Considerations

Filed Under: General Tagged With: application security, AppSec, awareness, database, owasp, pen testing, penetration testing, pentest, qa, secure design, secure development, security, security testing, security training, testing, top 10

January 24, 2018 by James Jardine Leave a Comment

Tinder Mobile Take-Aways

While browsing through the news I noticed an article talking about the Tinder mobile app and a privacy concern. You can read the article at https://www.consumerreports.org/privacy/tinder-app-security-flaws-put-users-privacy-at-risk/. To summarize what is considered the issue is that the mobile application does not transmit the photos that you see using HTTPS. This means that anyone on the same connection can see the traffic and, ultimately, see the photos you are presented. From my … [Read more...] about Tinder Mobile Take-Aways

Filed Under: Take-Aways Tagged With: android, application security, AppSec, awareness, database, encryption, ios, mobile, mobile security, owasp, pen testing, penetration testing, pentest, privacy, qa, secure design, secure development, security, security testing, security training, testing, tinder, top 10

February 6, 2017 by James Jardine Leave a Comment

Security Tips for Copy/Paste of Code From the Internet

Developing applications has long involved using code snippets found through textbooks or on the Internet. Rather than re-invent the wheel, it makes sense to identify existing code that helps solve a problem. It may also help speed up the development time. Years ago, maybe 12, I remember a co-worker that had a SQL Injection vulnerability in his application. The culprit, code copied from someone else. At the time, I explained that once you copy code into your application it is now your … [Read more...] about Security Tips for Copy/Paste of Code From the Internet

Filed Under: General Tagged With: application security, AppSec, copy, developer, developer training, passwords, paste, secure code, secure defaults, security, security training

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to Next Page »

Primary Sidebar

Contact Us:

Contact us today to see how we can help.
Contact Us

Footer

Company Profile

Are you tackling the challenge to integrate security into the development process? Application security can be a complex task and often … Read More... about Home

Resources

Podcasts
DevelopSec
Down the Security Rabbithole (#DTSR)

Blogs
DevelopSec
Jardine Software

Engage With Us

  • Email
  • GitHub
  • Twitter
  • YouTube

Contact Us

DevelopSec
Email: james@developsec.com



Privacy Policy

© Copyright 2018 Developsec · All Rights Reserved