Software Integrity

Archive for the 'Agile Methodology' Category


Is threat modeling compatible with Agile and DevSecOps?

Bryan Sullivan, a Security Program Manager at Microsoft, called threat modeling a “cornerstone of the SDL” during a Black Hat Conference presentation. He calls it a ‘cornerstone’ because a properly executed threat model: Finds architectural and design flaws that are difficult or impossible to detect through other methods. Identifies the most ‘at-risk’ components. Helps stakeholders […]

Posted in Agile Methodology, Application Security, DevOps


Agile development for application security managers

In today’s competitive business environment, it is more important than ever to develop applications not only accurately but quickly. The traditional “waterfall” method is effective, but requires so many steps that the process cannot keep up with today’s software development needs. Agile is a development methodology that speeds up software development dramatically, along with several […]

Posted in Agile Methodology, Application Security


A spell check equivalent for building security in

Originally posted on SecurityWeek I can honestly say that spell check is the reason I now know how to spell “separate.” It only took about 20 years of patient and faithful repetition from Microsoft Word. The concept of spell check is intriguing when considered in the context of security. There is a significant benefit to […]

Posted in Agile Methodology, Security Training, Static Analysis (SAST)


How does Agile overcome common software security challenges?

Paradoxically, security is a negative goal. To secure something, you must understand how insecure it is. Start by trying to break it or by figuring out how other people might break it. The same is true of software. For example, a simple user input field on a mobile or web app may require the user to […]

Posted in Agile Methodology, Software Development Life Cycle (SDLC), Software Security Testing


Are your applications really protected? It’s all about the pivot

Originally posted on SecurityWeek Hackers are human. Hopefully that doesn’t surprise you too much. Being human means that they are subject to human tendencies, like taking the path of least resistance. To a hacker, this means avoiding the most protected way to an asset. They know that no one can simply walk into the room […]

Posted in Agile Methodology, Application Security, Network Security, Software Security Testing


How secure software development works in the real world

Pure Agile and pure Waterfall don’t occur in the real world. Instead, software development takes place on a spectrum. There are infinite variations, and most real-world software teams incorporate elements of Waterfall, Agile, and other methodologies into their SDLC. Software life cycles are as unique and varied as the organizations they serve. At each […]

Posted in Agile Methodology, Software Development Life Cycle (SDLC), Software Security Testing


All aboard! Enjoy your journey on the Agile SDLC train

The Agile software development methodology is based on collaborative decision making between requirements and solutions teams. It’s a cyclical, iterative progression of producing working software. For just a moment, think of the Agile life cycle as a high-speed train flying down the tracks of software security. After all, a train won’t get very far without the […]

Posted in Agile Methodology, Software Development Life Cycle (SDLC), Software Security Testing


Security: A true crown jewel of software

Originally posted on SecurityWeek A journalist asked me an interesting question this week: “Why doesn’t the Agile Manifesto address security?” After some thought, I think I have a good answer. It does. Recently, I’ve been carefully reviewing “The Manifesto for Agile Software Development,” the seminal document for agile development principles. The document, better known as […]

Posted in Agile Methodology, Software Security Testing


4 threat modeling questions to ask before your next Agile sprint

Creating a threat model for a moderately complex application can take several weeks and requires a certain level of software security expertise. Just because you’re following an Agile development methodology doesn’t mean that you can ignore potential flaws in the design of the application. The way in which you look for those flaws may need […]

Posted in Agile Methodology, Software Architecture and Design, Threat Modeling


10 ways to infuse security into your software development life cycle

Implementing security measures should be a top priority to ensure the success of your software development life cycle (SDLC). First things first, it’s vital to maintain engagement with stakeholders throughout the development process. Understanding and managing stakeholder expectations guarantees that the final product’s success, in the stakeholder’s eyes, complements the criticality of designing and building security […]

Posted in Agile Methodology, Security Training, Software Development Life Cycle (SDLC), Software Security Testing