From the blog

Insights from our practitioners across the field of software security.

Security Threat Modelling

OWASP Cornucopia Online And Mobile

Our online threat modelling system, Copi, is now an open source OWASP project and the Cornucopia team have released a new deck for mobile apps!

Toby Irvine

Product Security Expert

Medical Devices Best Practices

Cybersecurity in Medical Devices Guidance

Our expert in medical device security and DFIR, Vee Schmitt, takes a critical look at the recently-released guidance on medical device security from the FDA.

Vee Schmitt

DFIR & Devices Expert

Secrets Management Best Practices

The Lost Art of Keeping a Secret

Benjamin Franklin said that three people can keep a secret only if two of them are dead. If you want to keep your teammates around, let's look at safely handling secrets.

Toby Irvine

Product Security Expert

DevSecOps Product Security

What is DevSecOps? (And DevOps)

The IT industry takes simple practices and turns them into monstrous delivery methods with little of the original left. We'll wind back to see what's really going on.

Toby Irvine

Product Security Expert

Security Product

Securing the Digital Factory: Part 1

Analogies are terrible, but the factory one has shown some use in software engineering. Let's gird our analogous loins and take a look at how we secure this digital factory.

Toby Irvine

Product Security Expert

API Security Capture The Flag

OWASP API Top 10 CTF Walk-through

So you wanna hack an API? Let's analyse an API using the OWASP API Security Top 10 to guide our effort and hack it, together. Maybe we'll capture some flags while we're at it?

Grant Ongers

CISO & Community Leader

Security Process

Chesterton's Fence, and Monkeys

It can be hard to know how to change your ways of working to be more secure. Here we look at the types of security controls and what monkeys can teach us about processes.

Toby Irvine

Product Security Expert

Security Organisations

Scaling Product Security Across the Org

Your security team is overloaded. There are barely enough hours in the day to keep up with incoming requests, let alone improve ways of working. What's the cause of this?

Toby Irvine

Product Security Expert

Security Networks

What is The Cloud? (it's Zero Trust)

The internet is a scary place. Thankfully we've got all our services on a private network and only accessible over a dedicated link. That's more secure, right? Right? Oh no...

Toby Irvine

Product Security Expert

Security Process

The Chaos Butterfly of Security Standards

We specifically requested that things must be secure. It's detailed at length in our security policies and standards on Sharepoint. Why aren't things more secure?

Toby Irvine

Product Security Expert

Security Delivery

The Biggest Misconception in Application Security

Your instinct for safety isn't necessarily correct. Delivering slowly isn't more secure, it's fearful, and if you're afraid of changing a system then the system is not secure

Toby Irvine

Product Security Expert

Security Product

Building a Culture of Quality, Not Just Security

In this article we explore the concepts of quality and culture within an organisation. And, in a startling break with tradition, actually define what they are and how to change them

Toby Irvine

Product Security Expert

Security Product

Number of Data Breaches is not a Good Security Metric

It's hard to manage product security if all you have is a lagging indicator of it. Reacting to data breaches is not planning ahead. How do you know that things are being built securely?

Toby Irvine

Product Security Expert

Get in touch

We'd love to hear from you. Let's start your journey to world-class secure software product delivery today!

Address
Secure Delivery
Office 7, 35/37 Ludgate Hill
London
EC4M 7JN