BOOKS & TOOLS
Building Code for Medical Device Software Security
Co-authored by Tom Brennan. Just as codes for physical buildings help their designers and builders create structures that resist threats from fire, wind, water and, in some cases, malicious attacks, the elements presented here give builders of software for medical devices a starting point for reducing the vulnerability of their systems to malicious attacks.
Building a Better IR Program (IRP)
Co-authored by Tom Brennan. This project provides a proactive approach to incident response planning. The intended audience ranges from business owners to security engineers, developers, auditors, program managers, law enforcement, and legal counsel. The guidance covers the topics that need to be part of your organization's plan, including those responsible for managing the business and technical risk of the entire organization.
Tactical Threat Modeling
Co-authored by Tom Brennan. Threat modeling is an essential technique for architecting and designing systems securely. This project draws on practitioner insights to offer practical ways to integrate threat modeling more effectively, and it is an excellent resource for organizations looking to bring threat modeling into their development processes and teams.
Managing Security Risks Inherent in the Use of Third-party Components
Co-authored by Tom Brennan. The use of third-party components (TPCs), including open-source software (OSS) and commercial off-the-shelf (COTS) components, has become the de facto standard in software development. This project breaks down the processes and procedures developers need to test, improve, and quantify the security of third-party components.
How to HACK Web Applications Manually
Co-authored by Tom Brennan. This OWASP methodology document on conducting web application security assessments is a prerequisite for those seeking guidance on classes of attack and how to test for them manually.
RFP Criteria
Co-authored by Tom Brennan. This project is written to raise visibility for the software security questions that buyers of services should consider when issuing a request for a quote or otherwise during the procurement process.
SOFTWARE
SwitchBlade is an open-source program for performing denial-of-service testing against web applications. If you are a web app developer, use it to test the stability of your web applications against HTTP POST, Slowloris, and SSL renegotiation attacks.