Badges
55 Points
6 Years
User Activity
Almost 7 years ago
Answered a question: Which Would You Recommend To Your Boss, OWASP Zap or PortSwigger Burp?
Both have very powerful abilities. ZAP can be an advantage for free, but Burp's free version will work similarly. As someone who uses both, depending on the circumstances, one can be preferred to the other.
Almost 7 years ago
Unfortunately, my personal opinion is that such applications do not work anymore. Instead, source code analysis, proactive preventive agents and manual tests are more important.
Almost 7 years ago
Answered a question: What Application Security Solution Do You Use That Is DevOps Friendly?
Using "Microfocus (HPE) Fortify SCA" with integrated "VSTS/TFS".
But you need to take some effort to implement your CI/CD pipeline with custom scripts (autogenerated bat files, etc.).
Almost 7 years ago
Contributed a review of Fortify on Demand: Allows for more efficient and custom integration by allowing customized enhancements through the API support
Reviews
Almost 7 years ago
Fortify on Demand
Answers
Almost 7 years ago
Static Application Security Testing (SAST)
Almost 7 years ago
Static Application Security Testing (SAST)
Comments
Almost 7 years ago
Dynamic Application Security Testing (DAST)
About me
Performing application "Security Assessments" using automated and manual tools and recommending remediation controls.
Performing pentests and ethical hacking.
Participating in secure code review.
Participating in/developing secure code with the team to fix security issues.
Threat modeling to identify, quantify and address security risks related with apps and systems.
Educating software development teams on secure coding practices and models/patterns/methodologies.
Preparing and sharing educational materials, best practices and handbooks associated with app sec.
Specifying security requirements for Web and mobile apps.
Expertise in Microsoft Secure SDL/SDLC and OWASP SAMM models/methodology.