Category: Agile Security

  • Security knowledge entropy

    Entropy has been described as the measure of disorder of a system. The Second Law of Thermodynamics, as defined by Rudolf Clausius, states that the ‘Entropy of the universe tends to a maximum’, which means that the universe is heading towards maximum entropy, or maximum disorder. Entropy can be seen in everyday life: ice melts,…

  • Security test automation part 5: SCA

    In this final instalment of articles exploring security test automation, I take a closer look at Software Composition Analysis (SCA). Open source software has grown considerably over the last few years. As engineers struggle to write code that meets the ever-increasing demands of the business, they do not want the distraction of writing logic…

  • Security test automation part 4: RASP

    In previous articles, I wrote about the Application Security Testing tools SAST, DAST and IAST, which are designed to help engineers fix problems during the development lifecycle. In this article, I write about a technology designed to protect applications in a production environment. This technology is known as Runtime Application Self-Protection (RASP). Once an application…

  • Security test automation part 3: IAST

    In my previous two articles in this series on security test automation, I gave a brief insight into SAST and DAST. In this article I take a closer look at Interactive Application Security Testing (IAST), a relative newcomer to the security test automation scene. The key difference between IAST and the two previous types of…

  • Security test automation part 2: DAST

    In part one of this series of articles, I wrote about Static Application Security Testing (SAST). In this second part, I turn my attention to Dynamic Application Security Testing (DAST). Unlike SAST, which analyses static application source code, DAST analyses the application dynamically while it is running. Immediately, this pushes the operation of the dynamic…

  • Security test automation part 1: SAST

    A question that comes up frequently in my capacity as a DevOps / Agile Security consultant is: how do we integrate security test automation into our environments? There is a lot of information on automated security testing tools, but unfortunately, the vast majority of it is written by the companies who produce and sell the…

  • Agile – 5 mistakes organisations make

    Introduction: When I first encountered the Agile framework, I was awestruck by how software engineering teams worked so differently from what I had been used to and achieved much better results than I had seen before. I saw developers work in groups of two or three at the same workstation for hours on end, I…

  • Appsec tooling: value vs process

    If you are using appsec tools in your pipeline, you are probably asking what their benefits are. Typically, Static Application Security Testing (SAST) tools are prone to identifying false positives, which creates a lot of noise. The leadership questions why your tools, which were meant to reduce the number of vulnerabilities, are reporting more vulnerabilities…