Ashutosh Agrawal is an associate managing consultant at Synopsys. Over the last nine years, he has performed and led a wide variety of application security assessments including penetration tests, secure code reviews, and threat modeling projects. He has deployed static analysis tools, developed SSDLC policies and standards, and has delivered several instructor-led training courses. Ashutosh possesses extensive project management experience as a key member of Synopsys' strategic Software Security In-a-Box and BSIMM initiatives. Ashutosh has a Master's in Computer Science from the University of Southern California and is currently based in Washington DC. In his spare time, he loves to teach Hindi to students via Google Hangout.
A security training strategy can help your organization build key software security initiative capabilities. Here are just three of its long-term benefits.
Posted in Security Training | Comments Off on 3 ways that AppSec training benefits your long-term security strategy
Organizations typically make three common mistakes when establishing a software security initiative (SSI). The ability to reflect on these mistakes can help firms determine whether or not their program is moving in the right direction. Let’s explore some of the most common software security initiative mistakes and alternate approaches to get firms on the right track. Ad-hoc program vs. roadmap-based program Until recently, most firms didn’t perceive a SSI as a separate program. The software security functions were either ignored or haphazardly accomplished by leveraging other divisions in the organization such as development, IT operations, and network teams.
Posted in General | Comments Off on 3 common mistakes companies make when starting a software security initiative
Join us as we explore three cyber security breaches that made waves in 2015, and what they mean for the future of security.
Posted in Data Breach, Maturity Model (BSIMM) | Comments Off on 2015 cyber security breaches that will live in infamy
In Python, you can use pickle to serialize (deserialize) an object structure into (from) a byte stream. Here are best practices for secure Python pickling.
Posted in Developer Enablement | Comments Off on Understanding Python pickling and how to use it securely