Teaching Cyber Blog

Category: Application Security

  • So, DevSecOps Threat Modelling Tools, Which One To Use?

    Threat modelling is a thought process to identify potential security risks. Ideally this is done as early as possible within the software development lifecycle and at the design stage. Threat modelling meetings should be engaging and not long-winded, with a clear end and with no recurring meetings unless there is a significant change in…

  • Application Security: Top 3 Tasks for an AppSec Team to Prioritise

    An application security team's role is securing software applications throughout their lifecycle. The challenge is the complexity of building software and the priority placed on releasing software quickly without hindering productivity. Where to start? These three areas should be the first to focus on and mature as time passes. Start…

  • Using DevSecOps for Artificial Intelligence (AI) Solution Security Development

    Welcome. In this article I discuss merging the rules of DevSecOps to help build more secure artificial intelligence solutions of the future. DevSecOps, which combines development, security, and operations, can play a significant role in enhancing AI solution security. DevSecOps practices can be applied to help improve AI solution security overall. Use Secure AI Model…

  • Three step plan to protect containers

    Welcome and thank you for reading this article! Protecting containers is essential to the security of a container-based application, its data and the associated services integrated with it. Where to start? This three step plan will help mitigate the majority of threats, with the understanding that container security is continuous with no real end stage. 1. Follow…

  • How to introduce security into DevOps?

    Evolving from DevOps to DevSecOps: is it a ‘pipeline dream’ or something that can work within an organisation? This article covers the areas a business needs to focus on to help make it happen. DevOps practices (combination of development and IT operations) can be critical to a business and its profitability, so it is important…

  • How to make a secure file upload secure?

    Thirteen steps to make your file upload more robust against attack. Pragmatic cyber security tips to help secure a file upload feature that forms part of an application, such as an internet-facing web application. 1. All validation processes should be performed on the server, not on the client side; this is to prevent user manipulation from…