Tag Archives: Secure SDLC

Agile Threat Modeling

Combining threat modeling with an agile development methodology such as Scrum is a quite challenging topic: Creating a threat model usually requires an experienced security expert and some effort to do this. But how does this work, wen a model … Continue reading

Posted in Threat Modeling | Tagged , , , , | Leave a comment

Automatic Testing for Security Headers

Today, performing unit tests has become a standard in many development teams for automatically performing various tests on code (e.g. as a compulsory part of the build process). Especially in agile development, the existence, completeness and quality of such tests … Continue reading

Posted in Java, Security Test Automation | Tagged , | 1 Comment

Code Scanning Models: Factory vs. Self Service

A few months ago, Gary McGraw wrote an interesting article on SAST deployments in the field. In it, he basically differentiates two service models: Code Scanning Factory (actually he called it “centralized code review scanning factory for code review”) Self Service … Continue reading

Posted in SAST | Tagged , | Leave a comment

10 Reasons why we need Application Security Testing Tools

Despite the fact that there are quite a few reservations concerning the use of application security scanning technologies (e.g. false positives, false negatives, usability and of course the price), there are also a couple of good reasons for using such … Continue reading

Posted in SAST | Tagged , , | 2 Comments