Author Archives: Jim Bird

Jim Bird
Jim is an experienced CTO, software development manager and project manager, who has worked on high-performance, high-reliability mission-critical systems for many years, as well as building software development tools. His current interests include scaling Lean and Agile software development methodologies, software security and software assurance.

10 things you can do to make your app secure: #4 Access Control

This is #4 in a series on the OWASP Top 10 Proactive Controls: 10 things that developers can do to make sure that their app is secure. Access Control, aka Authorization, deciding who needs what access to which data and to which features, and how these rules will be enforced, needs to be carefully thought through up front in design. ...

10 things you can do to make your app secure: #3 Validate Input

This is part #3 of a series of posts on the OWASP Top 10 Proactive Development Controls. Your first line of defence against attacks should always be to check all data from untrusted sources. Input validation is fundamental to application security, and a basic part of good defensive programming. This is simple, and obvious – and often done wrong. ...

10 things you can do to make your app secure: #2 Encoding Data

This is part #2 of a series on the OWASP Top 10 Proactive Controls, the 10 things you can do as a developer to make your application secure. In the previous post, I explained why Parameterized Database Queries are so important in protecting applications from SQL injection, one of the most common and dangerous attacks. SQL injection is only one ...

10 things you can do to make your app secure: #1 Parameterize Database Queries

OWASP’s Top 10 Risk list for web applications is a widely recognized tool for understanding, describing and assessing major application security risks. It is used to categorize problems found by security testing tools, to explain appsec issues in secure software development training, and it is burned into compliance frameworks like PCI DSS. The OWASP Top 10 for web apps, and ...

How Product Ownership works in the Real World

Scrum continues to insist that a single person play the role of Product Owner on a development project. One person sets the team’s direction and priorities, defines what the system will do, manages the backlog of requirements and decides when work is done. But like many other organizations, we’ve found that this doesn’t work. There are too many functional and ...

Driving Devops

There is a lot of talk in the devops community about the importance of sharing principles and values, and about silo busting: breaking down the “wall of confusion” between developers and operations to create agile, cross-functional teams. Radical improvement through fundamental organizational changes and building an entirely new culture. But it doesn’t have to be that hard. All it took ...

Agile – What’s a Manager to Do?

As a manager, when I first started learning about Agile development, I was confused by the fuzzy way that Agile teams and projects are managed (or manage themselves), and frustrated and disappointed by the negative attitude towards managers and management in general. Attempts to reconcile project management and Agile haven’t answered these concerns. The PMI-ACP does a good job of ...

Secure DevOps – Seems Simple

The DevOps security story is deceptively simple. It’s based on a few fundamental, straightforward ideas and practices: Smaller Releases are Safer. One of these ideas is that smaller, incremental and more frequent releases are safer and cause fewer problems than big bang changes. Makes sense. Smaller releases contain fewer code changes. Less code means less complexity and fewer bugs. ...

Application Security – Can you Rely on the Honeymoon Effect?

I learned about some interesting research from Dave Mortman at this year’s RSA conference in San Francisco which supports the Devops and Agile arguments that continuous, incremental, iterative changes can be made safely: a study by the MIT Lincoln Lab (Milk or Wine: Does Software Security Improve with Age?) and The Honeymoon Effect, by Sandy Clark at the University ...
