Published in OUSPG
Agile security testing — pentest and automate
In this post, I explore the idea of agile security testing, performing penetration testing first and then designing security test cases
Jun 3, 2021

Published in OUSPG
Bottom-up security testing — security in all levels
Security testing is often seen as a top-down activity, which starts with threat and risk assessment and proceeds towards the details of…
Apr 6, 2021

Published in OUSPG
Security design with principles
In this post, I go through some well-known secure design principles and how they could be applied to create useful security requirements…
Mar 2, 2021

Published in OUSPG
Reduce vulnerabilities by improving security requirements
Previously, in the post “Turning tables with attackers; from fixing vulnerabilities into fixing weaknesses”, I discussed the merits of…
Feb 8, 2021

Published in OUSPG
Turning tables with attackers; from fixing vulnerabilities into fixing weaknesses
Should we fix vulnerabilities or weaknesses?
Jan 26, 2021

Published in OUSPG
Native command-line experience for containerized tools
What are containerized tools?
Oct 27, 2020

Published in OUSPG
Shades of open source infosec tools
There are a lot of useful open source infosec tools for tasks like network administration, malware analysis, forensics and incident…
Aug 28, 2020