Nov 30, 2020
The security of any application is a function of the decisions made during development. Measuring the risk of those decisions isn't something contained within a single tool, but instead requires a set of perspectives on how a "bad decision" can manifest itself in the security of the app.
This segment is sponsored by...
Nov 24, 2020
In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft put security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition...
Nov 23, 2020
We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the "what could go wrong" discussion with DevOps teams? And what's a sign that we're generating useful...
Nov 17, 2020
In the Application Security News, The Platypus Attack Threatens Intel SGX, a Revitalized Attack Makes for Sad DNS, Bug Hunter Hits DOD With an IDOR, Steps for Devops, Testing in Prod, Two More Chrome Bugs, and Open Source K8s Tools From Capital One!
Visit https://www.securityweekly.com/asw for all the latest...
Nov 16, 2020
In a fast-paced tech environment, keeping up with security research can be overwhelming for companies. Automation is a must to keep up - but you also need human ingenuity to make sure automation adds value and not noise. Combining software automation with the knowledge of elite hackers is the key to ensure both speed...