A massive proportion of our security issues are caused by: requirements which are incomplete; not enough knowledge of secure software design and implementation; increasing complexity; unknown interfaces and communication patterns […]
For many years application performance and security were an afterthought. Developers focused on implementing new features. Testers executed functional tests and compared actual with expected results. Operational teams deployed […]
Privacy is one of our valuable goods and attackers around the world have started to take this sensitive information away. Research has shown that private data of more than 3 […]
The General Data Protection Regulation (GDPR) will come into force on 25th May 2018. It applies to any organization that holds or processes personal information of any European citizen and it’s […]
Recent attacks against major players in Telecommunication and Financial Services industries have shown that security is still a topic we need to work on. For a long time companies have […]
A few years ago, major CPU vulnerabilities were identified. For some reason nobody spent time on research in this area or tried to utilize those leaks. At the same […]
There are many useful blogs which provide good insights about best practices in our performance engineering, testing and optimization space. Feel free to use my collection of recommended readings for […]
Project teams increasingly realize that the performance and security of their implemented applications are critical to their success. They integrate security tests, load testing and performance monitoring in their […]
The fix for a recent vulnerability in many Intel-based CPUs will slow down applications by up to 50%.
Open source is at the heart of almost every application. If you have ever developed a new application from scratch, the chance is very high that you've also built this on open source. In this post, I will outline risks related to open source and give you a mitigation approach.
Software testers are sometimes unable to cope with the verification of security requirements because of their very technical nature. In this post, I will give you some guidance and orientation which you can use right away for your application security testing activities.
Software development does not always follow a well-structured process. Some companies tend to give developers more flexibility than others, which often results in critical vulnerabilities and extensive rework. Therefore, regardless of whether your projects follow agile or waterfall development principles, you shall apply some basic secure software development principles to avoid security loopholes.
Our testing toolchain is quite impressive. Some tools are very specific, and others support a broad range of technologies and testing activities. However, when it comes to technical testing, more specifically automated and performance testing, there are still gaps. In this post, I will outline this gap.
Software development is often an unguided missile. Coding standards are seldom in place and developers decide what framework and libraries they will use for implementation of their applications. However, there are ...
Two of three security breaches are attributable to vulnerable applications. Cyber criminals use your weak business applications to get access to confidential data without being detected.
Cybercrime is on the rise and in 3 of 4 security breaches, hackers target vulnerable applications instead of the backend infrastructures. However, this trend is surprising because the risk reduction is quite simple.