Category Archives: Secure Software Development

Impressions of OWASP SAMM 2 Beta

Over the last ten years, I have been working with different maturity models for software security, including OWASP SAMM of course. I haven’t used OWASP SAMM 1.x (or OpenSAMM as it was called before it became an OWASP project) have … Continue reading

Posted in Secure SDLC, Secure Software Development, Security Requirements, Threat Modeling | Tagged | Leave a comment

Agile Security & SecDevOps Touch Points

Agile software development has gotten more and more attention in the last couple of years. Not only internet startups or media agencies but also large companies from conservative business lines like automotive, banking, insurance and public sector more and more … Continue reading

Posted in DAST, IAST, Java, SAST, Secure SDLC, Secure Software Development, Security Requirements, Security Test Automation, Threat Modeling | Tagged , , | 5 Comments

Microsofts New Threat Modeling Tool

A week ago I had the pleasure of giving a speach at OWASP AppSec EU in Rome on the new Microsoft Threat Modeling Tool 2016 that came out last November and is still available for free. The Threat Modeling Tool … Continue reading

Posted in Secure Software Development, Security Requirements, Threat Modeling | Tagged | 17 Comments

Additional Object Security with UUIDs

One of the most critical vulnerabilities a Web application can have is an insecure direct object reference. Such vulnerability normaly exists due to an (usually database) object id that an user can directly access and manipulate (and!) that is not … Continue reading

Posted in Java, Secure Software Development | Leave a comment