Access relevant articles and papers on Application Security and related topics
Avoiding Cross Site Request Forgery – A comprehensive guide
IDC Report – Digital Security Challenges from design to deployment
The SDLC (Secure Development Life Cycle) now covers a wider range of features and responsibilities, giving rise to new roles such as DevSecOps. We will try to understand the impact of Digital Transformation on companies and society, and on the new applications developed to serve these new digital needs with the highest level of security.
Injection Attacks – The Complete Guide
The definitive guide to understanding and addressing the most dangerous cyberattack: injection (including SQL, LDAP, XML, XPath, XXE, EL and OS command injection).
An in-depth guide to addressing REST (REpresentational State Transfer, an architectural style that defines a set of constraints and properties based on HTTP) security issues.
OWASP Top 10 – 2017
The most comprehensive, practical guide to application security, based on the 2017 revision of the OWASP Top 10 standard.
4 steps for improving my DevSecOps process + 3 KPIs to monitor my results
A comprehensive, practical guide to setting up a DevSecOps process in your application life cycle, plus the key indicators to monitor its results.
Why businesses need Application Security
This comprehensive guide outlines the latest trends in application security, with up-to-date figures on known attacks and the steps required to address them. The guide is a must-read for those interested in learning how to secure their application portfolios.
Bulletproofing your SAP ABAP applications
Your comprehensive guide to bulletproofing your ABAP developments. Have you heard of SQL injection or backdoors? Do you know how to face these and many other security threats? Learn about vulnerability distribution and attack surface, and discover how to fix them all... one at a time.
Capers Jones’s Twenty Five Software Industry Goals for the Years 2015 through 2019
Progress in the software industry has resembled a drunkard's walk, with improvements and regressions occurring at the same time. For example, agile is an improvement for small projects, but pair programming is a regression, and an expensive one to boot. This short paper provides 25 tangible goals that should be achievable within 5 years, assuming a starting year of 2015.
The art of outsourcing your software development
This paper presents and assesses the different techniques for code quality and security evaluation that a "receptor" (the recipient organization) of externally developed software can apply to determine the intrinsic (technical) quality and security of the delivered software.