Maturity Models for Shifting Security Left (or Everywhere) in the Software Development Lifecycle

Any organisation that creates or maintains digital products as part of its business operations should be concerned with software security. In the past, security in software involved designing, building and testing — at which point security testing would be undertaken before go live. With faster deployment cycles and shorter time-to-value for customers brought on through …

Innovation

How innovative would you say you are at work? How innovative is your team? How innovative is your organisation? Let’s first make sure we’re on the same page. What do I mean by innovation? Innovation as in doing things differently, in a way it hasn’t been done before. Thinking critically and coming up with new …

How Managers Can Support SDL Adoption

Managers play an important role in supporting the adoption of SDL in a development organization. Adoption of SDL requires strong commitment from executive and senior leaders. Without this commitment and support, the adoption of SDL will either fail or not be as successful as it could be. Executives should demonstrate support for the initiative by …

Current Software Development Approaches and SDL

Current software development methodologies do not give enough attention to security concerns. Whether you use waterfall, agile, lean/devops or a combination, the likelihood is that the inherent approach lacks a significant and deep focus on security in a way that will reduce the likelihood of security bugs being written into software. This is what makes …

Secure Software Development From the Start

Today, it’s not enough to secure the network and the OS. The threats have changed and security must change too. With the strong focus on the network, attackers have become more sophisticated and adept at focusing their attention on databases. This brings application security right to the forefront. The best way to protect your application …

How to Write User Stories and Acceptance Criteria

Use the INVEST criteria when formulating user stories. Acceptance Criteria: Acceptance criteria are a set of statements, each with a clear pass/fail result, added to a user story. Put simply, acceptance criteria specify conditions under which a user story is fulfilled. They should be expressed clearly, in simple language, without any ambiguity about the expected …

How to Prepare for Web-to-Case and Email-to-Case

Email-to-Case will automatically create a case from an inbound email. It will use the sender's email address to associate a contact with the case and the content of the email to auto-populate case fields. All attachments and subsequent replies will be associated with the case and it will trigger assignment, auto-response, escalation, workflow rules and …