Application Security

3 Benefits of Threat Modeling

What are the benefits of Threat Modeling? To complete the idea from the post about Threat Modeling, this post focuses on the benefits that might not be directly visible when threat modeling is applied. If you have started your reading with this post, perhaps it is better to start with the “Basic Concepts of Threat Modeling”. In our previous article, we explained a little about the…

4 tips for those who want to invest in a career in Application Security

"Forgot your password?" - The problem with security questions

Application Security

What Is Threat Modeling

Contextualization: Why should we think about threat modeling? Well, during the software development process, some steps must be observed so that the final result is a truly secure application that meets all established requirements. New policies and regulations are being created so that data owners will have the guarantee that their information is secured. Privacy has become an overrated therm…

Application Security

Security Testing - applying it to the pipeline

In the first part of our article, we talked about the basic concepts of security testing. In this second part, we will deal more directly with each of the tests that we understand to be necessary within a development pipeline. What we have to keep in mind here is that these two articles do not hold the absolute truth, nor should they be followed as a test checklist; we want to bring the subject…

Application Security, Infrastructure

Moving from DevOps to DevSecOps

Who should read this DevSecOps article? Whether your company produces or consumes software, understanding the best practices when moving from DevOps to DevSecOps is important to you. If your company does not operate any agile model or even DevOps practices, surely one of your suppliers uses this method in development. That’s a good reason for you to know more about each of them, and…

Application Security, OWASP SAMM

Implementing an Application Security program based on OWASP SAMM

Application security is a very broad topic that is generally reduced to testing. To provide more information on the subject and approach it in a structured manner, I will write a series of articles addressing all practices of the OWASP SAMM Framework. Every Monday an article will be released detailing a practice; in total there will be 16 articles, this introduction included. OWASP…

Application Security

Application Security Differences - web and mobile

With the market of mobile application development (the famous “mobile apps”) growing considerably, attacks on mobile applications have also started to receive more attention, as already explained in our article on the mobile security scenario in 2020. As a result, many developers and security experts are increasingly looking to learn about security within mobile applications.

Application Security

The Importance of Metrics in Application Security

Peter Drucker once said, “That which is not measured, is not improved.” He’s right – what we can’t understand, we can’t improve or even know if it’s working or not. When we apply that same thought to the secure development processes, we realize that few companies really understand what’s going on in their process. At most, they have a sense of the…

Application Security

Which topics should an AppSec Training Contemplate?

The development market seems to be becoming more and more aware of the need for Application Security (AppSec) training. However, the market still looks for generic training, which often addresses compliance issues but does not add real value to development teams. Therefore, this article will present the characteristics and subjects of a good AppSec training. The Target Audience in AppSec…

Application Security, OWASP SAMM

Governance according to SAMM: Policies and Conformities in Application Security

In the previous article we talked about the establishment of the program, its dissemination, and the definition of metrics and monitoring so that the program can evolve. In this article we will talk about the importance of defining guidelines and monitoring. Before we go into the practice of implementation, let us understand the difference between policies and standards: Policies: Policies are…