Case Study: Pearson Weaves ThreadFix into AppSec, Part 2

February 15, 2016 by David Geer 0 Comments

In part one, we discussed how education content publisher Pearson applied ThreadFix to its AppSec request workflow needs. Here’s the rest of the story. The ThreadFix Implementation Senior software security engineer Matt Tesauro added ThreadFix to Pearson’s workflow in the following steps: Using FPM, Tesauro created a Debian Linux package internally to deploy the ThreadFix […]

Case Study: Pearson Weaves ThreadFix into AppSec, Part 1

February 12, 2016 by David Geer 2 Comments

Pearson is a publisher of education industry content to meet the needs of teachers and students from kindergarten/early learning through higher education and continuing education (for professionals). The company uses a mix of software, from legacy third-party software and “classic ASP apps that are on life support to auto-scaling systems on Amazon,” says Matt Tesauro, […]

The Myth of DevOps as a Catalyst to improve Security?

July 16, 2015 by George V. Hulme 1 Comments

Few topics within DevOps discussions elicit more controversy than the relationship between DevOps and information security. Do DevOps practices help to improve security, or do most organizations simply automate and bring their existing bad internal processes along into DevOps? With this topic in mind, I recently had an engaging conversion with Adam Muntner on this […]

Build security into your app development

November 17, 2014 by contributor 1 Comments

Integrate security testing into your dev process now or else face cyber-attacks later The way we develop software has been radically transformed in the last few years. Agility and speed are vital components for any company that wants to compete in the market. In order to achieve that it has proven necessary to break down […]