We Hack Purple Blog

7 Places to do Automated Security Tests

When working in a DevOps environment security professionals are sometimes overwhelmed with...

Pushing Left, Like a Boss – Part 10: Special AppSec Activities and Situations

Special Situations Not all application security programs are the same, and not...

Pushing Left, Like a Boss – Part 9: An AppSec Program

In my talk that this blog series is based on, "Pushing Left,...

Pushing Left, Like a Boss – Part 8: Testing

It is my belief that testing should be done throughout the development...

Pushing Left, Like a Boss – Part 7: Code Review and Static Code Analysis

This article is about secure code review and Static Application Security Testing...

Pushing Left, Like a Boss – Part 6: Threat Modelling

The last security-related part of the Design Phase of the System Development...

Pushing Left, Like a Boss, Part 5.14 Secure Coding Summary

This article will summarize the previous articles in Part 5 of this...

Pushing Left, Like a Boss — Part 5.13 — HTTPS only

HTTPS only — for every app, everyone, always. Temple in South Korea,...

Pushing Left, Like a Boss — Part 5.12 — Authentication (AuthN), Identity and Access Control

Note: much of this comes from the OWASP Cheat Sheet on Access...

Pushing Left, Like a Boss — Part 5.11 — Authorization (AuthZ)

Authorization (also known as ‘AuthZ’) is verifying that the user who is...

Pushing Left, Like a Boss — Part 5.10 — Untrusted Data

Trust data from…. No one. Not the database, not APIs, not even...

Pushing Left, Like a Boss — Part 5.9 — Error Handling and Logging

All errors should be caught and handled gracefully; there should never be...