Category Archives: Uncategorized

Cyber Security in 2017 – It’s about Breaches in Web Applications!

The last year has been an interesting one for information security with a number of different studies and media coverage on (web) application security. So it’s worth looking a bit closer at that data. I will try to put these … Continue reading

Posted in Uncategorized

An Organizational View on Application Security

When it comes to integrating application security into an (especially large) organization, we often experience a bunch of practical problems and frustration. In the end, a lot of money may have been spent, but little or no improvement to the … Continue reading

Posted in Uncategorized

Microsoft’s New Threat Modeling Tool

A week ago I had the pleasure of giving a speech at OWASP AppSec EU in Rome on the new Microsoft Threat Modeling Tool 2016 that came out last November and is still available for free. The Threat Modeling Tool … Continue reading

Posted in Uncategorized

Automating DAST Scans with Jenkins, Arachni & ThreadFix

I’m often asked how security tests can be automated with non-commercial tools, e.g. triggered by a Jenkins build. Therefore I decided to write this post, to give you a bit of understanding which tools you can use and what you … Continue reading

Posted in DAST, Java, Security Test Automation, Uncategorized | 4 Comments