BOOKS & TOOLS
Building Code for Medical Device Software Security
The elements presented in this paper give builders of software for medical devices a starting point for reducing the vulnerability of their systems to malicious attacks, just as codes for physical buildings help their designers and builders create structures that resist threats from fire, wind, water and, in some cases, malicious attacks.

Building a Better IR Program (IRP)
Breaches happen every day, as you learn from the news. Is your business prepared? This project provides a proactive approach to Incident Response planning. The intended audience of this document ranges from business owners to security engineers, developers, audit, program managers, law enforcement, and legal counsel. This guidance covers the topics that need to be part of the plan in your organization, and its audience includes those responsible for managing the business and technical risk of the entire organization.

Tactical Threat Modeling
Threat modeling, an essential technique for architecting and designing systems securely, is a method many SAFECode members employ. This paper leverages SAFECode members' insights to offer practical ways to integrate threat modeling better. It is an excellent resource for organizations looking to integrate threat modeling into their development processes and teams.

Managing Security Risks Inherent in the Use of Third-party Components
The use of third-party components (TPCs), including open-source software (OSS) or commercial off-the-shelf (COTS) components, has become the de facto standard in software development. This paper breaks down the process and procedures developers need to test, improve, and quantify the security of third-party components.

How to HACK Web Applications Manually
This well-known methodology document on conducting web application security assessments is a prerequisite for those seeking guidance on classes of attack and how to test for them manually.

RFP Criteria
This project raises the visibility of software security-related questions that buyers of services should consider, for example when issuing a request for a quote or during the procurement process.

SOFTWARE
SwitchBlade is an open-source program that allows you to perform Denial of Service attacks on web applications. If you are a web app developer, use it to test the stability of your web applications against HTTP Post, Slowloris, and SSL renegotiation attacks.
PRESS/MEDIA
InfoSecurity Magazine How to Avoid Fallout from the Ransomware Epidemic
Fulfilling Network Security Requirements and Business Needs
Core Values Interview with Tom Brennan
CMMC COE partners with CREST USA
InfoSecurity Magazine NYC Interview w/ Tom Brennan
Hackathons in New Jersey
Crains, Geeks who know how to keep hackers out
10 Common Design Flaws w/ Tom Brennan
Wall Street Journal w/ Tom Brennan
ITSP Interview w/ Tom Brennan at AppSecCali 2017
ABC News Wireless w/ Tom Brennan
Dark Reading, Proactive Risk Application Security
Arrest Reveals Dual Lives of Hackers
Reuters, Irish Hacking
Blackhat 2011
New York Internet and Proactive Risk Partner