Security Compass Blog

Learn about what's happening in software development and application security.

Threat Modeling: An Essential Cornerstone of DevSecOps Culture

Threat modeling as a proactive practice in software development can help prevent many data breaches. Let's learn about the current state of threat modeling.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
The 2021 State of Threat Modeling: An interactive e-book publication
- Facebook
- Twitter
- Email
- LinkedIn
View E-Book
Data Flow Diagrams and Threat Modeling

Threat modeling is not a new concept. However, it would serve us well if we examined where we are today compared to the past. Or more precisely, have we improved?
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
Check Out Upcoming Events & Webinars!
Learn More
How to Transition from PA-DSS to PCI Software Security Framework

Back in 2019, the PCI Security Standard Council replaced the PA-DSS program with the new PCI SSF. Let's learn how you can make your transition smooth.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
Improving Cybersecurity: Impact of the U.S. Executive Order

Last month, the Biden administration signed an Executive Order to improve cybersecurity. One aim of the new order is to regulate what the government considers reasonable security practices.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
U.S. Federal Government Agencies: SD Elements Embeds Cybersecurity Training Into DevSecOps

Cybersecurity training programs for developers help build a culture of security in your organization as well as raise awareness about secure coding best practices.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
How the Financial Industry Can Prepare for Cyber Threats of the Future

Learn about the latest cybersecurity threats to the financial sector and the importance of implementing new tech with an approach of security by design.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
NIST 800-53 Revision 5: Preparing for Transition and Ensuring Compliance

After years of anticipation, the NIST SP 800-53 Rev. 5 was released in 2020. Let's learn how federal information systems can ensure compliance with these security controls.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
Building the Next Generation of Cybersecurity Consultants: An Interview with Manny Mand

What does it take to grow the next generation of cybersecurity consultants? Manny Mand discusses his cybersecurity journey and role at Hackers for Change.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
Confronting Common Container Security Vulnerabilities

Containers are transforming how businesses deploy and use applications. Find out how you can defend your business against common container security risks.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
Penetration Testing at the Speed of Agile

When penetration testing in Agile, yearly is not enough. Learn how continuous penetration testing leads to cost savings, time savings, and more secure software.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
SD Elements Meets the U.S. DoD Iron Bank Security Requirements

SD Elements is now available in the U.S. DoD Platform One Iron Bank repository which contains authorized container images hardened to the department’s exacting specifications.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
Secure Your Software Build Operations

What secures (or fails to secure) your business does not depend on written policies. It depends on what your development team is doing day in and day out.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
TimeGap Theory: Testing for TOCTOU Issues in Web Applications

Your security and development teams should know how to identify and mitigate TOCTOU vulnerabilities. Learn why, and learn how, to test for them in this new book.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
How to Build Custom Red Team Testing Tools in C++

A conversation with Steven Patterson about his eBook, which teaches red team testing professionals how to start building Command and Control tools in C++.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
The 2021 State of DevSecOps: Challenges and Drivers

In our survey, we found a rising trend toward the adoption of DevSecOps over the last year.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
Survey: The 2021 State of DevSecOps

Last year was challenging, but it also presented a great opportunity for organizations to address cybersecurity in scalable ways. Let's learn where security is headed in 2021.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
Cloud versus Traditional Security: Protecting Your Data & Systems

To stay secure while embracing the cloud, your organization will need a security program that takes into account the differences between cloud and traditional security.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
The Future of Cybersecurity: Five Emerging Trends

2020 upended security strategies and IT roadmaps. Our team identified five cybersecurity trends that will influence security and business priorities moving ahead.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
Using Balanced Development Automation to Achieve Both Speed and Security for CMMC

CMMC is a means of unifying cybersecurity standards for the U.S. Department of Defense. Learn how you can achieve compliance with this new standard.
- Facebook
- Twitter
- Email
- LinkedIn
Read Article
Loading More...

Security Compass Blog

Threat Modeling: An Essential Cornerstone of DevSecOps Culture

Threat modeling as a proactive practice in software development can help prevent many data breaches. Let's learn about the current state of threat modeling.

The 2021 State of Threat Modeling: An interactive e-book publication

Data Flow Diagrams and Threat Modeling

Threat modeling is not a new concept. However, it would serve us well if we examined where we are today compared to the past. Or more precisely, have we improved?

How to Transition from PA-DSS to PCI Software Security Framework

Back in 2019, the PCI Security Standard Council replaced the PA-DSS program with the new PCI SSF. Let's learn how you can make your transition smooth.

Improving Cybersecurity: Impact of the U.S. Executive Order

Last month, the Biden administration signed an Executive Order to improve cybersecurity. One aim of the new order is to regulate what the government considers reasonable security practices.

U.S. Federal Government Agencies: SD Elements Embeds Cybersecurity Training Into DevSecOps

Cybersecurity training programs for developers help build a culture of security in your organization as well as raise awareness about secure coding best practices.

How the Financial Industry Can Prepare for Cyber Threats of the Future

Learn about the latest cybersecurity threats to the financial sector and the importance of implementing new tech with an approach of security by design.

NIST 800-53 Revision 5: Preparing for Transition and Ensuring Compliance

After years of anticipation, the NIST SP 800-53 Rev. 5 was released in 2020. Let's learn how federal information systems can ensure compliance with these security controls.

Building the Next Generation of Cybersecurity Consultants: An Interview with Manny Mand

What does it take to grow the next generation of cybersecurity consultants? Manny Mand discusses his cybersecurity journey and role at Hackers for Change.

Confronting Common Container Security Vulnerabilities

Containers are transforming how businesses deploy and use applications. Find out how you can defend your business against common container security risks.

Penetration Testing at the Speed of Agile

When penetration testing in Agile, yearly is not enough. Learn how continuous penetration testing leads to cost savings, time savings, and more secure software.

SD Elements Meets the U.S. DoD Iron Bank Security Requirements

SD Elements is now available in the U.S. DoD Platform One Iron Bank repository which contains authorized container images hardened to the department’s exacting specifications.

Secure Your Software Build Operations

What secures (or fails to secure) your business does not depend on written policies. It depends on what your development team is doing day in and day out.

TimeGap Theory: Testing for TOCTOU Issues in Web Applications

Your security and development teams should know how to identify and mitigate TOCTOU vulnerabilities. Learn why, and learn how, to test for them in this new book.

How to Build Custom Red Team Testing Tools in C++

A conversation with Steven Patterson about his eBook, which teaches red team testing professionals how to start building Command and Control tools in C++.

The 2021 State of DevSecOps: Challenges and Drivers

In our survey, we found a rising trend toward the adoption of DevSecOps over the last year.

Survey: The 2021 State of DevSecOps

Last year was challenging, but it also presented a great opportunity for organizations to address cybersecurity in scalable ways. Let's learn where security is headed in 2021.

Cloud versus Traditional Security: Protecting Your Data & Systems

To stay secure while embracing the cloud, your organization will need a security program that takes into account the differences between cloud and traditional security.

The Future of Cybersecurity: Five Emerging Trends

2020 upended security strategies and IT roadmaps. Our team identified five cybersecurity trends that will influence security and business priorities moving ahead.

Using Balanced Development Automation to Achieve Both Speed and Security for CMMC

CMMC is a means of unifying cybersecurity standards for the U.S. Department of Defense. Learn how you can achieve compliance with this new standard.