Home » Author Archives: Jim Bird (page 3)

Author Archives: Jim Bird

Jim Bird
Jim is an experienced CTO, software development manager and project manager, who has worked on high-performance, high-reliability mission-critical systems for many years, as well as building software development tools. His current interests include scaling Lean and Agile software development methodologies, software security and software assurance.

Feature Toggles are one of the worst kinds of Technical Debt

software-development-2-logo

Feature flags or config flags aka feature toggles aka flippers are an important part of Devops practices like dark launching (releasing features immediately and incrementally), A/B testing, and branching in code or branching by abstraction (so that development teams can all work together directly on the code mainline instead of creating separate feature branches). Feature toggles can be simple Boolean ...

Read More »

Trust instead of Threats

software-development-2-logo

According to Dr. Gary McGraw’s ground breaking work on software security, up to half of security mistakes are made in design rather than in coding. So it’s critical to prevent – or at least try to find and fix – security problems in design. For the last 10 years we’ve been told that we are supposed to do this through ...

Read More »

10 things you can do to as a developer to make your app secure: #10 Design Security In

software-development-2-logo

There’s more to secure design and architecture besides properly implementing Authentication, Access Control and Logging strategies, and choosing (and properly using) a good framework. You need to consider and deal with security threats and risks at many different points in your design. Adam Shostack’s new book on Threat Modeling explores how to do this in detail, with lots of exercises ...

Read More »

10 things you can do as a developer to make your app secure: #9 Start with Requirements

owasp-logo

To build a secure system, you should start thinking about security from the beginning. Legal and Compliance Constraints First, make sure that everyone on the team understands the legal and compliance requirements and constraints for the system. Regulations will drive many of the security controls in your system, including authentication, access control, data confidentiality and integrity (and encryption), and auditing, ...

Read More »

10 things you can do as a developer to make your app secure: #6 Protect Data and Privacy

software-development-2-logo

This is part 6 of a series of posts on the OWASP Top 10 Proactive Development Controls. Regulations – and good business practices – demand that you protect private and confidential customer and employee information such as PII and financial data, as well as critical information about the system itself: system configuration data and especially secrets. Exposing sensitive information is ...

Read More »

10 things you can do to make your app secure: #4 Access Control

software-development-2-logo

This is #4 in a series on the OWASP Top 10 Proactive Controls: 10 things that developers can do to make sure that their app is secure. Access Control aka Authorization, deciding who needs what access to which data and to which features, and how these rules will be enforced, needs to be carefully thought through up front in design. ...

Read More »
Want to take your Java Skills to the next level?
Grab our programming books for FREE!
  • Save time by leveraging our field-tested solutions to common problems.
  • The books cover a wide range of topics, from JPA and JUnit, to JMeter and Android.
  • Each book comes as a standalone guide (with source code provided), so that you use it as reference.
Last Step ...

Where should we send the free eBooks?

Good Work!
To download the books, please verify your email address by following the instructions found on the email we just sent you.