Monday, 2 October 2017

10 Reasons why we need Application Security Testing Tools


Despite the well-known reservations about application security scanning tools (false positives, false negatives, usability and, of course, price), there are also good reasons for using them:

1. Applications are becoming bigger and bigger
Enterprise applications can be quite big: 100,000 lines of code is roughly the lower bound, and larger applications easily run to millions of lines. The same goes for the number of distinct pages and business functions such an application exposes. At the same time, even an experienced code reviewer can analyse only about 1,000 lines of code a day, so a full manual review of a large application takes months.

2. Applications change often
Agile-developed (Web) applications in particular change every sprint (e.g. every two weeks). Changes can also occur in the environment or integrations of a production application; for instance, many Web applications are dynamically linked to other sites. Some changes are trivial and have no security impact, while others (e.g. architectural changes) make a security review of the whole application necessary. Manual pen testing or code review cannot keep up with that rate of change.

Tuesday, 27 June 2017

Basics of Software Development Life Cycle (SDLC)

What is the Software Development Life Cycle?
The Software Development Life Cycle (SDLC) is a framework that defines activities performed throughout the software development process.
The six phases of the SDLC:
  1. Analysis. This is the first phase of any SDLC model. The project objective is determined during this phase. The client and company developing the software decide if they should keep the existing system as is, if changes are necessary, or if there is a need for new software. In the event that there is a need for new software, an estimate of resources (e.g., people, cost, etc.) is established during this phase. This information is then assembled into a project plan and submitted for management approval.
  2. Requirements Gathering. The stakeholders, system users, and developers meet during this phase to decide the requirements of the application they are building. The goal of this phase is for everyone to understand each software requirement and the scope of work. Questions that require answers during this phase include:
    • Who will use the system?
    • How will they use the system?
    • What will the input be for the system?
    • What will the output be for the system?
Next, a software requirement specification (SRS) document is created. This SRS document acts as the guidelines for the next phase.

Tuesday, 6 June 2017

Do you know the roles & responsibilities of Security Professionals?

When I found my way into the Security domain, the area of my career interest, I came across many interesting Security roles that can help you choose the destination you want to reach in your Security career.

Below are some of the important organisation-specific Security Roles and their responsibilities. Familiarising yourself with each set of responsibilities and specialising in that area will make you an expert.

All the very best guys! Hope this was a very useful piece of information.

Wednesday, 3 May 2017

How to get to the next level in Information Security?

I’ve been thinking a lot about how to get to the next level in my field of information security, and I’ve come to a pretty interesting conclusion:
It’s not possible to just study in this field — you have to implement each thing you’re trying to learn if you want to get the full benefit.