DevOps & Software Security: Turning unplanned work into planned work

posted on Feb 23, 2015 by Rohit Sethi

Every IT worker I’ve met has heard me rave about The Phoenix Project. The book uses an all-too-realistic fictional scenario to discuss the behaviors of a high performing IT organization, with a particular emphasis on the convergence of development and operations (i.e. DevOps). One lesson from the book that really resonated with me was breaking down…

Cyber-Flood Friday

posted on Feb 20, 2015 by Yousif Hussain

This week’s edition of Cyber-Flood Friday features more DDoS news at the realm of the Lizard Squad, as well as an article discussing personal security implications that derive from technology. It is important to take security measures when considering the prominence technology carries in the world today. The following articles show impacts a lack of…

Debunking Myths: Application Security Checklists Suck

posted on Feb 16, 2015 by Rohit Sethi

There is a pervasive sentiment amongst the security community about checklists: they suck. We’ve all seen inflexible audit checklists that seem to be highly irrelevant to the specific system being audited. Moreover, we are all too aware of organizations doing the bare minimum to meet a checklist item on an audit report, even at the…

Cyber-Flood Friday

posted on Feb 13, 2015 by Yousif Hussain

This week’s Cyber-Flood Friday features more about DDoS attacks that occurred throughout the past week, as well as an interesting new platform Facebook has launched. Below I discuss interesting articles I went through over the last week, and as always I provide you with the latest cyber news! 1) Article: DDoS attack leaves Dutch websites offline for…

Raising the Bar on Application Security Due Diligence

posted on Feb 9, 2015 by Rohit Sethi

Suppose Acme Inc., a multi-billion dollar company, suffers a web application breach that results in loss of critical client data. Buoyed by news of legal settlements, a group of clients decides to file a class-action lawsuit. Acme’s lawyers begin to prepare a defense and one of the first areas of investigation is assessing if Acme followed…

Cyber-Flood Friday

posted on Feb 6, 2015 by Yousif Hussain

With a new year in store, the people here at Security Compass thought why not start battle testing your DDoS Mitigation. Given our new offering, we have something else to talk about, which is why we began this blog! I will update you on recent news that has to do with DDoS attacks and cyber-crime in…

A Flood Without Water

posted on Feb 6, 2015 by Yousif Hussain

In today’s day and age people usually take on a lot more than they can handle. The first task is okay, the second gets a little harder, but as the third, fourth, fifth, and sixth start piling on one gets overwhelmed and ends up crashing! Well, the same thing happens to websites, when they are…

Is Your DDoS Mitigation Battle Tested?

posted on Feb 4, 2015 by sahba

The rising wave of DDoS attacks over the past twelve months has impacted many financial service organizations, in some cases costing them service downtime, productivity, brand reputation, falling stock prices, and more. You wouldn’t go to a boxing match without first sparring, so why risk everything implementing and trusting security solutions without thorough and ongoing…

4 Reasons Why You Should Define Software Security Requirements for Mature Applications

posted on Feb 2, 2015 by Rohit Sethi

There’s a common misconception that security requirements are only useful for net new applications. Most people think once an application has been developed, it’s too late to introduce new security requirements. While you might realize maximum cost effectiveness by building security requirements in right from the start, the reality is that any application can benefit…

4 reasons why developers don’t read secure programming guides

posted on Jan 26, 2015 by Rohit Sethi

At Security Compass, we had the experience of building secure programming guideline documents for a number of clients. Unfortunately, we found that in many cases the documents became shelfware and were rarely read by developers. If you’re a security Subject Matter Expert (SME) who has built a secure programming guide, there’s a good chance you’ve experienced…