SDLC: Understanding your Roles
Application security should be on the mind of anyone who is part of the application design/build process. That means architects, developers, application owners, QA testers, business analysts and even end users. Every one of these positions plays a role in the security of the applications. Depending on the organization, the roles can be quite different. You must understand the roles of these positions from a development perspective to really understand how they fit into the security aspect …
Business Analysts and Product Managers: Security Roles
In a previous post I discussed how QA plays a critical role in the security of an application. As with QA and developers, the business analysts and product managers are also crucial to a successful security development lifecycle. Not to add any pressure, but it is these two roles that feed the security requirements into the other groups. When designing an application, the focus is usually placed on ensuring that the end user functionality, the functionality to solve a specific problem, …
Security for QA Testers: The Importance
Quality Assurance (QA) testing is a critical role for any application that is being developed. The purpose: to identify flaws within the application that affect how the application runs and the users who use it. Typically this has focused on the goal of identifying flaws that prevented the application functions from performing as expected. When I say expected, I mean that the end user is not able to complete his identified task. Over the past decade there has been a growing focus on the …
Best Practices for Cyber Incident: DoJ Released Guide
Breaches and other security incidents are happening all of the time, and can happen to anyone. Do you know what to do if an incident occurs in your backyard? The Department of Justice recently released the Best Practices for Victim Response and Reporting of Cyber Incidents to help you understand the process. Looking through the 15 page document, there are quite a few great points that are made. Here are just a few examples of what is included. I encourage you to check out the entire …
Beware the Edge Cases: Master the Fundamentals
Have you seen some of the cool things that hackers can do? I remember a few years back when they created the BlueSniper Rifle, a device that could allow picking up a Bluetooth signal from up to a mile away. That is pretty impressive for a technology that was meant to be used at a distance of just a few meters. This is just one example of how hackers have found ways to bypass the limits of a technology. Some of these things you may have never heard of, whereas some are picked up by the …
Static Analysis: Analyzing the Options
When it comes to automated testing for applications there are two main types: dynamic and static. Dynamic scanning is where the scanner analyzes the application in a running state. This method doesn't have access to the source code or the binary itself, but is able to see how things function at runtime. Static analysis is where the scanner looks at the source code or the binary output of the application. While this type of analysis doesn't see the code as it is running, it has …