TLDR; * Threat Modeling is a continuous activity and should be part of every phase of SDLC starting from Design phase itself. * For Threat Modeling, start with something as simple as STRIDE framework and as the organization matures, review and utilize other frameworks as needed. * For resource constrained organizations, start with
June 06, 2023
TLDR; * Finding right balance between Production Speed and Security is all about right Prioritization. It’s a shared responsibility between Security & other teams. * Security Team is an advisor where as Product & Engineering owns the implementation. So, building relationship with other Teams is highly important. * Empathy is one of
May 26, 2023
TLDR; * Security Tools does not mean AppSec. There are other factors to Security as well like People, Process and Governance. * For resource constrained organizations, start with Open Source to improve Security for high impact areas before investing in Wholistic & Expensive Tools. * Instead of following all the best practices like
May 19, 2023