Use questionnaires and checklists to make it easy to do the right thing when you’re building software

To enable SEEK to build products quickly in a competitive landscape, we must accept failure. The question then becomes how we fail without exposing SEEK or our customers to unnecessary security and reliability…


Cyber criminals from around the world are continuously finding new and i̶n̶t̶e̶r̶e̶s̶t̶i̶n̶g̶ terrifying ways of breaking into websites that we rely on every day — stealing our personal information that is typically made public for the world to see! Businesses are breached so often that we now have websites to…


With the Year-of-the-Breach behind us (I feel like we say that every year), it’s important for businesses with publicly available assets storing sensitive data (websites, services, infrastructure) to set up a process for members of the general public to report security vulnerabilities discovered within their systems and applications.

The following post…


Going by the BSIMM7 chart below (further out to the edge is more mature), companies lack maturity when it comes to training and awareness programs. …


Software development companies are starting to realise that to innovate, stay relevant and compete, they need to adopt a different culture that enables them to develop and release software faster and attract talent.

The difficulties with this shift in culture and practices from a security context are covered in…


An application security programme is your company’s product security game plan, with the goal of reducing the number of security flaws introduced into the application over the course of its software lifecycle, while at the same time increasing the difficulty of exploitation (i.e. …


Defending web and mobile applications against the bad guys has always been hard; there is no escaping that fact. However, it doesn’t seem to be getting any easier either. Evolving development practices (Agile, DevOps, CD/CI, IaC) have a big part to play, but there are several other trends that are…

Julian Berton

Security Engineer @seekjobs, OWASP Melbourne chapter lead, Founder appsecday.io Tw: @JulianBerton W: julianberton.com
