Showing posts with label Threat Modeling. Show all posts
Showing posts with label Threat Modeling. Show all posts

Tuesday, June 26, 2012

Application Security Quiz


After speaking with a lot of developers we realized they are looking for a fun, quick way to enhance their knowledge about the secure coding aspects of development. We have put together a series of interactive quizzes which test security professionals’ and software developers’ secure development awareness while teaching them how to build more secure software. Please find links to the first two, below. The first quiz is based on the OWASP Top Ten Project and the second quiz is based on best practices of secure coding.  

The OWASP Top 10 is a list detailing the most critical software security risks facing organizations with the goal of raising awareness about application security. Based on this knowledge an organization can measure the strength of its application security controls in place and determine what counter-measures to open threats need to be put in place.OWASP (https://www.owasp.org/index.php/Top_10_2010-Main). 
Try out your knowledge of these Top 10 threats by taking our quiz: 

Secure Coding:
The most efficient solution to managing one’s application security risk is to take security into consideration right from the very beginning of the software development process and ensure that security is built in at every phase of the adopted software development lifecycle. This can be made possible by developers well educated on the available security resources needed to write secure code. Test your secure development awareness by taking our quiz:

We invite you to share these links and we welcome your comments and suggestions.

Wednesday, April 13, 2011

OWASP threat modeling project

We are starting an OWASP threat modeling project to standardize a threat modeling approach which can be used by various companies. During the OWASP portugal summit I had a very meaningful and positive discussion on this topic and got support from a lot of people in the community. You can find out the results of the discussion at the OWASP Threat Modeling project page

If you would like to join the project, please join the mailing list at


Here are some of the topics to be taken up in the first meeting (most probably to be scheduled for next week)
  1. High level project roadmap with milestones.
  2. Call for participants
  3. Review existing resources within OWASP to align with threat modeling project.
  4. Come up with a threat modeling methodology
  5. Publish the first draft

Wednesday, May 05, 2010

MyAppSecurity - Secure Your Applications

As some of you know that I joined WhiteHat Security as a Director of Education Services since Dec 2007 to build their training division from scratch. Though it has been a very demanding job but it has been very satisfying too. I enjoyed working with various companies, training their developers and QA professionals and resolving their web application security issues. Through training, I not only trained people at various companies but also got a chance to interact with different development and security professionals and understand the challenges they were facing and guided them in building a solution that works.

Though WhiteHat is more about finding problems (vulnerabilities) and they do a wonderful job of it, I consider myself more of a solutions guy, meaning how to fix those vulnerabilities and that is where my past experience as a developer and architect, helps me a lot. Not to mention my experience as a Technology Risk Officer at Citigroup, where I contributed in building a Technology Risk Management program to protect their web applications. So, being a solutions guy, training was a perfect fit for me at WhiteHat but now I want to do more than just training, I want to utilize my skills to help companies in addressing their web application security challenges through my own company "MyAppSecurity".

I also want to thank WhiteHat for giving me the opportunity to work with some of the brightest brains in the industry. Its been a wonderful experience and I got to learn so many things not just about the security field but also about on the operation side of a small business. I will definitely be using this experience in establishing my own company. I want to wish WhiteHat Security luck in achieving their goals. I am definitely keeping my stock options :)

If any of you guys are looking for solutions to resolve your web application security challenges, feel free to shoot me an email at anurag (at) myappsecurity (dot) com or call me at 919-244-0803.