Badges

55 Points
6 Years

User Activity

About 6 years ago
Both have very powerful abilities. ZAP can be an advantage for free, but Burp's free version will work similarly. As someone who uses both, depending on the circumstances, one can be preferred to the other.
About 6 years ago
Unfortunately, my personal opinion is that such applications do not work anymore. Instead, source code analysis, proactive preventive agents and manual tests are more important.
About 6 years ago
Using "Microfocus (HPE) Fortify SCA" with integrated "VSTS/TFS". But you need to take some effort to implement your CI/CD pipeline with custom scripts (autogenerated bat files, etc.).

About me

Performing application "Security Assessments" using automated and manual tools and recommending remediation controls.
Perform pentest and ethical hacking.
Participating in secure code review.
Participating in/developing secure code with the team to fix security issues.
Threat modeling to identify, quantify and address security risks related with apps and systems.
Educate software developing teams on secure coding practices and models/patterns/methodologies.
Preparing and sharing educational materials, best practices and handbooks associated with app sec.
Specifying security requirements for Web and mobile apps.
Expertise in Microsoft Secure SDL/SDLC and OWASP SAMM models/methodology.