About
Secure and robust software doesn’t have to be a utopian ideal. Security assessments performed at the end of a project are too often relied on as the only form of security control. Such an approach can be costly, both in terms of the time needed to perform a thorough assessment and the time needed to apply the necessary fixes. By treating security as a first-class business requirement during the initial design, implementation and testing phases, software can be secure by default.

I am a Principal Consultant at Corsaire Ltd., a niche security consulting firm based in the UK. I am also a project leader for the OWASP Java Project and have presented at numerous conferences and written a few papers on various security topics. The main slant of this blog is towards application security, secure code and testing. Hope you find it useful!