DevOps in the Trenches: Get Started with Metrics

While it is nice when an enterprise recognizes the value of getting everyone working together in an end-to-end value stream, the reality is that’s not where most DevOps initiatives start. Often, one particular silo decides there is value in working more closely with others and seeks ways to do so. I call this “DevOps in […]

Read more
Narrow versus Strong AI: The Future of Artificial Intelligence

Artificial intelligence is one of the fastest growing fields in the technology world, but there’s still a lot of uncertainty surrounding what truly qualifies as AI, the different types of AI, and how quickly AI is advancing. First, it’s important to set a framework about what AI is. While there isn’t one accepted definition, most […]

Read more
Understanding Session Management – One of OWASP Top 10 (Part 2)
Security

Welcome to the second half of my two-part blog on Understanding Session Management. In part 1, we covered what was session management and started digging into some possible attack types associated with this vulnerability. Here we will continue to look into other associated attack types. 4. Cross-Site Request Forgery (CSRF) – Severity: High “Cross-Site Request […]

Read more
Application Security Review Process – A Case Study
Padlock on a green door

What is application security, or AppSec? Let’s talk about web application security first. OWASP was created in 2001 and has been known as the best community for web application security. Volumes of online resources for web application security defects, security testing, and security projects have been produced by OWASP. Yet web application security is only […]

Read more
Agile Feedback: 7 Agile Ceremonies and Processes That Benefit

(…and 1 that Doesn’t!) In my last blog post, I discussed why agile feedback is such an integral practice for high-performing teams. Feedback allows teams to effectively collaborate, communicate, and iterate to create a high-quality, polished product. While these qualities are always important, practice is even more invaluable during a time of physical distancing. When […]

Read more
5 Work From Home Tips to Help You Through the Day

In the current world climate of a global pandemic, many companies have transitioned to working from home. But there are many professionals, including myself, that have worked from home even before the emergence of COVID-19. Working from home can be a difficult transition, especially if it was sudden, but there are many tips and tricks […]

Read more
13 Ways to Improve Maintainability

At a high level, maintainability defines the ease with which changes can be made correctly. Correctness in this sense means that the intended changes are made without introducing unexpected side effects. Code should be structured so as to be easily modifiable. Tests should be in place to prevent regression, ensuring that existing functionality is unaffected […]

Read more
Dependency Checking Your Ruby Application

Dependency Checking Your Ruby Application Checking your application’s dependencies for known vulnerabilities is a critical, relatively low effort step you should take to secure your application, which you may have read about in another recent article: What is SCA? Compared to the wealth of tools used for dependency checking in, for example JavaScript,  there’s not […]

Read more
Database Security – A Pentester’s Notes
Padlock on a green door

One of the most prevalent issues that continue to vex application developers is weaknesses in database security that open us to exploit.  Database security is a broad subject, and I will not cover all the security issues here but want to provide context and understanding around some of the more comment vulnerabilities. In this blog, […]

Read more
X