OWASP Cornucopia Online And Mobile
Our online threat modelling system, Copi, is now an open source OWASP project and the Cornucopia team have released a new deck for mobile apps!
Toby Irvine
Product Security Expert
Insights from our practitioners across the field of software security.
Our expert in medical device security and DFIR, Vee Schmitt, takes a critical look at the recently-released guidance on medical device security from the FDA.
Vee Schmitt
DFIR & Devices Expert
Benjamin Franklin said that three people can keep a secret only if two of them are dead. If you want to keep your teammates around, let's look at safely handling secrets.
Toby Irvine
Product Security Expert
The IT industry takes simple practices and turns them into monstrous delivery methods with little of the original left. We'll wind back to see what's really going on.
Toby Irvine
Product Security Expert
Analogies are terrible, but the factory one has shown some use in software engineering. Let's gird our analogous loins and take a look at how we secure this digital factory.
Toby Irvine
Product Security Expert
So you wanna hack an API? Let's analyse an API using the OWASP API Security Top 10 to guide our effort and hack it, together. Maybe we'll capture some flags while we're at it?
Grant Ongers
CISO & Community Leader
It can be hard to know how to change your ways of working to be more secure. Here we look at the types of security controls and what monkeys can teach us about processes.
Toby Irvine
Product Security Expert
Your security team is overloaded. There are barely enough hours in the day to keep up with incoming requests, let alone improve ways of working. What's the cause of this?
Toby Irvine
Product Security Expert
The internet is a scary place. Thankfully we've got all our services on a private network and only accessible over a dedicated link. That's more secure, right? Right? Oh no...
Toby Irvine
Product Security Expert
We specifically requested that things must be secure. It's detailed at length in our security policies and standards on Sharepoint. Why aren't things more secure?
Toby Irvine
Product Security Expert
Your instinct for safety isn't necessarily correct. Delivering slowly isn't more secure, it's fearful, and if you're afraid of changing a system then the system is not secure.
Toby Irvine
Product Security Expert
In this article we explore the concepts of quality and culture within an organisation. And, in a startling break with tradition, actually define what they are and how to change them.
Toby Irvine
Product Security Expert
It's hard to manage product security if all you have is a lagging indicator of it. Reacting to data breaches is not planning ahead. How do you know that things are being built securely?
Toby Irvine
Product Security Expert