Dinis Cruz issues

Results 221 issues of


Dinis Cruz

expand on "Proving behaviour of Controls using TDD"

as seen at https://twitter.com/DinisCruz/status/707321909881524229 ![image](https://cloud.githubusercontent.com/assets/656739/13618401/c9d9015e-e57b-11e5-927d-d75c00b6b691.png) with code at https://t.co/PGtVZmR8Xt references: - http://blogs.msdn.com/b/sfaust/archive/2008/09/02/which-asp-net-controls-automatically-encodes.aspx - http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-08-91-89-96/asp.net_5F00_control_5F00_encoding.htm - http://blog.diniscruz.com/2012/10/reaching-out-to-microsft-regarding.html - http://blog.diniscruz.com/p/real-time-vulnerability-feedback-in.html

new-content

expand on 'Simple Threat Model (template) - Good place to start'

http://blog.diniscruz.com/2016/03/simple-threat-model-template-good-place.html

new-content

Add Chapter about Security Champions

http://blog.diniscruz.com/2015/01/does-your-team-has-security-champion-if.html http://blog.diniscruz.com/2015/10/what-are-security-champions-and-what-do.html Two requirements/qualifications to be an SC (Security Champion): - Have a heart beat - Work for the company Ideal candidates are developers with passion for security (but not...

book-admin

Add chapter describing JIRA Workflows

http://blog.diniscruz.com/2016/03/updated-jira-risk-workflow-now-with.html http://blog.diniscruz.com/2015/12/jira-workflows-for-handing-appsec-risks.html http://blog.diniscruz.com/2016/03/jira-risk-workflow-handling-of-risk.html

book-admin

expand 'on how threat model can be used to map an app's architecuture'

In reply to ... tweet

new-content

Expand on the concept of 'Security Advocates'

As an alternative name for 'Security Champions' https://github.com/DinisCruz/Book_Software_Quality/blob/master/content/4.SecDevOps/8.Security-Champions.md Some companies I'm working with prefer that name since it represents an Advocates for security

new-content

expand on 'testing dangers of LiveReload'

"LiveReload can be quite dangerous since it is an ephemeral test, it's not repeatable and cannot be executed on CI" https://twitter.com/DinisCruz/status/739744681203015680 ![image](https://cloud.githubusercontent.com/assets/656739/19016998/f2861728-8822-11e6-9c1e-bc68cbfae1c4.png)

new-content

Expand on 'Publish the results of Security Reviews (Application Score Cards)'

Part of https://github.com/DinisCruz/Book_Software_Quality/blob/master/content/5.New-Paradigm-for-AppSec/2.Twelve-Proposed%20Actions.md ![image](https://cloud.githubusercontent.com/assets/656739/15858794/4365df9e-2cba-11e6-902c-66a119491bc7.png) This is related to the Software labels idea: - https://www.owasp.org/index.php/OWASP_Security_Labeling_System_Project - https://www.owasp.org/images/1/17/2010-11_OWASP_Software_Labels.pptx - http://blog.diniscruz.com/2012/12/software-labels-jeffs-owasp-appsecdc.html - http://blog.diniscruz.com/2009/12/idea-for-owasp-standard-for-public.html ![image](https://cloud.githubusercontent.com/assets/656739/15858914/be711da2-2cba-11e6-93f3-880472546c7d.png)

new-content

expand on 'central repository of security issues (RISK JIRA Project)'

This is the JIRA project that holds all security issues Related to #65

new-content

Expand on idea of HoneyPot users

![](https://pbs.twimg.com/media/CkMpk_aWYAAZqMr.jpg) from https://twitter.com/DinisCruz/status/739480482564341761

new-content