Research

Application Security

Book I am writing on application security.

  • Training

    • Training Employees
      • Designing Security Trainings
  • Requirements

    • Software Requirements
      • SDLC
    • Regulation (PCI/HIPAA/SOC/GDPR/CDPA)
    • Prioritization
      • Identifying Stakeholders
      • Prioritizing Projects with Security Concerns
  • Design

    • Best Practices for Design
    • Risk Analysis: Application Threat Modeling
      • DREAD
      • STRIDE
      • Risk Matrix
  • Implementation (Coding)

    • Implementation Guidelines
    • Secure coding practices
    • Code Reviews
    • OWASP Secure Headers Project
  • Verification (Testing)

    • Verification Guidelines
    • SAST Testing
      • SonarQube
      • Bandit
      • Gosec
      • npm audit
    • DAST Testing
      • Burp
      • OWASP ZAP
      • Nikto
    • False Positives
    • Third Party Library Testing
  • Release

    ...

Think Like an Attacker

Book I am writing on thinking like an attacker.

  • Reference to Brodsky challenge
    • How to think before how to think like an attacker
  • Critical thinking skills
  • Problem solving skills
  • Systems
    • Thinking in Systems
    • Breaking Systems
  • Social engineering
    • Game theory
    • Milgram’s study on obedience
    • Psychological needs
  • Red team mindset