Secure Software Lifecycle Management (SSLM)

The idea of integrating security into the software development process is not new. I can’t say for sure if Microsoft really was the first to come up with this concept, but the Secure Development Lifecycle (SDL) that Microsoft published in 2002 undoubtedly laid the foundation of what is today generally referred to as a …

Agile Threat Modeling

Combining threat modeling with an agile development methodology such as Scrum is quite a challenging topic: creating a threat model usually requires an experienced security expert and some effort. But how does this work when a model can quickly become outdated as new threats are introduced by every new user story and …

Agile Security & SecDevOps Touch Points

Agile software development has received more and more attention in the last couple of years. Not only internet startups and media agencies but also large companies from conservative business lines like automotive, banking, insurance, and the public sector are increasingly adjusting to the agile world. Since those companies are often already very much …