~

~/Security

---

• Application Security, Secure Software Development and DevSecOps
• Recent Blogposts
  • Threat Modeling
  • The OWASP Top Ten
  • Secure Coding with Python
  • Secure Coding
  • Static Code Analysis
  • Dynamic Code Analysis
  • SAST
  • DAST
• OWASP Cheatsheet
• Gold Standard Resources

---

Application Security, Secure Software Development and DevSecOps

Application security (AppSec) includes all tasks that introduce a secure software development life cycle to development teams.

Its final goal is to improve security practices and, through that, to find, fix and preferably prevent security issues within applications.

Recent Blogposts

Threat Modeling

Certificate of Completion

The “Four-Question Framework”, General steps used in threat modeling. Determining and Ranking Threats using STRIDE, and managing these risks

The OWASP Top Ten

The OWASP Top Ten is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Talking about the cause-prevention of these risks, and actually performing many related attacks in a controlled environment for each of these ten

Secure Coding with Python

Tools and guidelines to follow when developing projects in Python, to make them less vulnerable and insecure, ensuring high quality and robust Python code

Covers codestyle, module structure guidelines, security tools to check python code, tests with Python, formatters and standardization, and type hinting along with type checking to scan for issues.

Secure Coding

Secure Coding Manifesto- Rules of secure coding or secure software development

A set of practices that applies security considerations to how software will be coded and encrypted to best defend against a cyber attack or vulnerabilities.

Static Code Analysis

Static Code Analysis (also known as Source Code Analysis) is usually performed as part of a Code Review (also known as white-box testing) and is carried out at the Implementation phase of a Security Development Lifecycle (SDL)

Dynamic Code Analysis

Dynamic code analysis involves running code and examining the outcome, which also entails testing possible execution paths of the code.

SAST

DAST

OWASP Cheatsheet

The OWASP Top 10

Index of all Cheatsheets

Application Security Verification Standard

Proactive Controls

Mobile Application Security Verification Standard

Gold Standard Resources

OWASP

ISO 27000 Series

NIST 800-53