Blog AuthorsMatthias Rohr (15)
Matthias Rohr, CISSP, CCSLP, is the founder and lead security architect at Secodis. Matthias began working in this field in 2004 and is since a frequent speaker on international AppSec conferences, book author, author of TSS-Web and an active AppSec community contributor. He lives and works in Hamburg / Germany.
Author Archives: Matthias Rohr
One of the most critical vulnerabilities a Web application can have is an insecure direct object reference. Such vulnerability normaly exists due to an (usually database) object id that an user can directly access and manipulate (and!) that is not … Continue reading
One publication that usually became a lot of attention in the application security market is of course Gartner’s magic quadrant. A new one for Application Security Testing (that is confusingly abbreviated with “AST”, a term that in software anylysis usually … Continue reading
Today, performing unit tests has become a standard in many development teams for automatically performing various tests on code (e.g. as a compulsory part of the build process). Especially in agile development, the existence, completeness and quality of such tests … Continue reading
A few months ago, Gary McGraw wrote an interesting article on SAST deployments in the field. In it, he basically differentiates two service models: Code Scanning Factory (actually he called it “centralized code review scanning factory for code review”) Self Service … Continue reading
Despite the fact that there are quite a few reservations concerning the use of application security scanning technologies (e.g. false positives, false negatives, usability and of course the price), there are also a couple of good reasons for using such … Continue reading