November 18, 2018
DevSecCon London 2018 takeaways
I recently visited DevSecCon London 2018 and kept notes of my takeaways. Read about them in this Google Doc and feel free to comment on it.
November 6, 2018
IoT security
Here's the best recent article/opinion I've read on IoT security, written by Bruce Schneier.
It touches upon the market dynamics and covers the inevitable government regulation.
Very well put! Highly recommended read.
It touches upon the market dynamics and covers the inevitable government regulation.
Very well put! Highly recommended read.
September 12, 2018
Handy tool to check CSP
https://blog.thomasorlita.cz/vulns/google-csp-evaluator/
Useful to defenders and attackers (bug bounty hunters?) alike.
Useful to defenders and attackers (bug bounty hunters?) alike.
September 1, 2018
Sec tools: Should you buy or build?
Are you contemplating buying a security blinky box that will solve your problem? Could the team build something similar from scratch or re-using open source components? Valid dilemma.
This should help. Especially the analysis of steps #2, #3 and #4.
This should help. Especially the analysis of steps #2, #3 and #4.
August 29, 2018
Lessons on implementing SAST
Long but great reading on how Google does SAST. Contains things that didn't work for them and what they did to end up with working solutions.
The Lessons and Conclusion chapters are must read! Especially for anyone that tries to implement SAST in an organization.
June 16, 2018
Signal Sciences devops-sec roadmap
Signal Siences published The devops roadmap for security in 2016. I just read it and found it quite easy and interesting. Obviously, it's about integrating security in a devops organization.
Most things they touch on can also be found elsewhere, but:
- page 14 makes clear why a good engineering culture is important in general and in particular for security (hint: because there's not enough security engineers and you need others to do some of the work)
- pages 15-16 are must read; they outline Lean Security and what we must do right to not be rejected by the delivery organization
Subscribe to:
Posts (Atom)