Software Integrity Blog

Author Archive

Ashutosh Agrawal

Ashutosh Agrawal is an associate managing consultant at Synopsys. Over the last nine years, he has performed and led a wide variety of application security assessments including penetration tests, secure code reviews, and threat modeling projects. He has deployed static analysis tools, developed SSDLC policies and standards, and has delivered several instructor-led training courses. Ashutosh possesses extensive project management experience as a key member of Synopsys' strategic Software Security In-a-Box and BSIMM initiatives. Ashutosh has a Master's in Computer Science from the University of Southern California and is currently based in Washington DC. In his spare time, he loves to teach Hindi to students via Google Hangout.


Posts by Ashutosh Agrawal:

 

3 ways that AppSec training benefits your long-term security strategy

Security training is an investment that yields critical returns to both the organization and the organization’s most valuable asset—its people. Training can directly impact key metrics like bug density ratios and time to remediation if it is implemented effectively. Today, I’ll highlight three ways that application security training can effectively benefit your long-term security strategy and mature your software security program.

Posted in General, Security Training

 

3 common mistakes companies make when starting a software security initiative

Organizations typically make three common mistakes when establishing a software security initiative (SSI). The ability to reflect on these mistakes can help firms determine whether or not their program is moving in the right direction. Let’s explore some of the most common software security initiative mistakes and alternate approaches to get firms on the right track.

Ad-hoc program vs. roadmap-based program

Until recently, most firms didn’t perceive an SSI as a separate program. The software security functions were either ignored or haphazardly accomplished by leveraging other divisions in the organization such as development, IT operations, and network teams.

Posted in General

 

2015 cyber security breaches that will live in infamy

The old proverb, “you don’t know where you’re going until you know where you’ve been,” is a very apt description for the field of application security. The application security industry is still relatively new, and we are still learning from our mistakes as we create a baseline from which we are able to move forward. In order to learn from our past, we must first identify areas that require improvement.

Posted in Data Breach, Maturity Model (BSIMM)

 

Understanding Python pickling and how to use it securely

Post written by Ashutosh Agrawal, Senior Consultant and Arvind Balaji, Associate Consultant

Posted in Uncategorized