Dina Shkolnik

OpenSAMM

The Software Assurance Maturity Model (SAMM, originally published as OpenSAMM and now maintained as OWASP SAMM) is an open framework that helps organizations devise and implement an application security strategy tailored to their specific needs and risk profile. The resources provided by the model allow the evaluation of the

BSIMM

The Building Security In Maturity Model (BSIMM) is a software security measurement framework that helps organizations gauge their software security initiative against a maturity model built from observations of real-world software security initiatives (it is descriptive, in contrast to the prescriptive SAMM). What is inside the BSIMM? It

MISRA/MISRA C

MISRA C is a set of software development guidelines for the C programming language, developed by MISRA (the Motor Industry Software Reliability Association). Its aim is to facilitate code safety, security, portability and reliability in the context of embedded systems, specifically those programmed in ISO C, by restricting the language to a subset that avoids undefined and implementation-defined behaviour. There

HIPAA

HIPAA (the Health Insurance Portability and Accountability Act) defines how electronic healthcare and administrative transactions must be handled by health plans, healthcare providers and their business associates. This US legislation was signed into law by President Bill Clinton in 1996 and has five main sections (titles) that cover the

PCI DSS

The PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements that help create a secure environment for all companies that process, store or transmit cardholder data. Its first version was released in 2004, created jointly by four major credit-card companies: Visa, MasterCard, Discover

SANS 25

The CWE/SANS Top 25 Most Dangerous Software Errors (commonly called the SANS 25, and now published by MITRE as the CWE Top 25) is a widely recognized AppSec benchmark. Each entry is a CWE (Common Weakness Enumeration) identifier, so you can drill into the weakness data behind it (remediation costs, code samples, attack frequency,

OWASP/OWASP TOP 10

The Open Web Application Security Project (OWASP) is a nonprofit foundation and open community focused on application security. Its goal is to raise application security awareness. OWASP publishes the OWASP Top 10, a de facto industry-standard list of the most critical web application security risks. More and more companies from various industry sectors are adopting this list, which consistently

The Secure SDLC

More and more organizations are replacing sequential processes (e.g. Waterfall) with iterative development methodologies, commonly Agile and DevOps, which are based on continuous delivery of software driven by customer feedback. But traditional AppSec solutions

SAST vs PENETRATION TESTING

Why SAST?

- Better ROI, since penetration testing can't start until the application is up and running, whereas SAST works on source code from the first commit.
- Higher coverage: it examines every code path, not only the ones a tester happens to reach (the trade-off is false positives that need triage, and no visibility into runtime configuration).
- Pen testing needs many cycles.
- Offers faster scan results and is less dependent on the human factor.
- Requires less manpower and
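
To make the "works before the app runs" point concrete, here is a minimal SAST-style checker. It is an added illustration, not the page's own code and not any vendor's engine: it parses Python source into an AST and flags a handful of CWE patterns (CWE-78 command injection, CWE-95 code injection, CWE-502 unsafe deserialization) without ever executing the program. The rule table, the `Finding` type and the sample application source are all assumptions constructed for the example.

```python
"""Minimal SAST-style checker: flags a few CWE patterns in Python source
without executing it. Added illustration; the rule set and the sample input
are assumptions, not a real product's rules or code from the original page."""
import ast
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical rule tables: dotted call names this toy scanner knows about.
SHELL_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
               "subprocess.check_output", "subprocess.check_call"}
DESERIALIZE_CALLS = {"pickle.load", "pickle.loads", "marshal.loads"}


@dataclass
class Finding:
    line: int
    cwe: str
    message: str


def _dotted_name(func: ast.expr) -> Optional[str]:
    """Return 'a.b.c' for a call target written as a.b.c(...), else None."""
    parts = []
    node = func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _shell_true(call: ast.Call) -> bool:
    """True when the call passes the literal keyword shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)


def scan_source(source: str) -> List[Finding]:
    """Walk the AST of `source` and report dangerous calls, ordered by line."""
    findings: List[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        first_arg = node.args[0] if node.args else None
        # A string literal cannot be attacker-controlled; only a computed
        # command (concatenation, f-string, variable) can carry injection.
        computed = first_arg is not None and not isinstance(first_arg, ast.Constant)
        if name in ("eval", "exec"):
            findings.append(Finding(node.lineno, "CWE-95",
                                    f"{name}() evaluates code at runtime"))
        elif name == "os.system" and computed:
            findings.append(Finding(node.lineno, "CWE-78",
                                    "os.system() with a non-constant command"))
        elif name in SHELL_CALLS and _shell_true(node) and computed:
            findings.append(Finding(node.lineno, "CWE-78",
                                    f"{name}(shell=True) with a non-constant command"))
        elif name in DESERIALIZE_CALLS:
            findings.append(Finding(node.lineno, "CWE-502",
                                    f"{name}() deserializes untrusted bytes"))
    findings.sort(key=lambda f: f.line)
    return findings


# Constructed sample application source (not taken from any real project).
SAMPLE_SOURCE = '''\
import os
import pickle
import subprocess
from flask import request

def ping(host):
    # user-controlled host is concatenated into a shell command
    return os.system("ping -c 1 " + host)

def safe_ping(host):
    # argument list, no shell: not flagged
    return subprocess.run(["ping", "-c", "1", host], check=False)

def list_dir():
    # shell=True but a fixed command string: not flagged by this rule
    return subprocess.run("ls -l", shell=True)

def load_state(blob):
    return pickle.loads(blob)

def calc():
    return eval(request.args.get("expr"))
'''

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_SOURCE):
        print(f"line {finding.line}: {finding.cwe}: {finding.message}")
```

Run stand-alone it reports three findings (lines 8, 19 and 22 of the sample) and stays silent on `safe_ping` and `list_dir`, even though the sample never runs, imports `flask`, or has a server behind it. The same mechanism explains the trade-off above: `ping()` is flagged whether or not `host` was validated by a caller, which is a false positive a reviewer has to triage, and a pen tester would only ever find the `calc()` route if it were reachable from the deployed application.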

What Are The Top AppSec Solutions Available Today?

There are 5 main AppSec methodologies in use today:

- Penetration (Pen) Testing
- Manual Code Review
- Web Application Firewalls (WAFs)
- Dynamic Application Security Testing (DAST)
- Static Application Security Testing (SAST)

Penetration (Pen) Testing – Penetration testing is a “hands-on” methodology that combines
