Profile

Dinis Cruz
176 followers|6,770,608 views

Stream

Dinis Cruz

Shared publicly  - 
 
BSIMM Questions for Teams v0.7 (with all consolidated team questions and maybe column)
Following from Updated version of BSIMM Questions for Teams (now with all activities mapped), here is an improved version with: All team questions in one page. Added a Maybe column. Removed the 'If No, why not?' text from the last column. Added spaces to ask ...

Dinis Cruz

Shared publicly  - 
 
First pass at BSIMM questions for teams
Here (also embedded below) is a mapping of several BSIMM activities and translating them into a questionnaire that can be easily filled in by developers, technical architects, business owners and security champions (called satellites in BSIMM). Note t...

Dinis Cruz

Shared publicly  - 
 
When talking about Application Security and Software Quality, Pollution is a much better analogy than Technical Debt
One of the analogies that I make in my "New Era of Software with modern Application Security" presentation is that Pollution is a much better way to describe quality (and security) issues (vs Technical Debt): This analogy is inspired by David Rice's amaz...

Dinis Cruz

commented on a post on Blogger.
Shared publicly  - 
 
I just fixed an issue with the script above. For it to work you will need to use v5.5 (get it from http://blog.diniscruz.com/2014/08/o2-platform-55-rc1-please-give-it-test.html ) and use this version of the O2.Platform.Scripts https://github.com/o2platform/O2.Platform.Scripts/tree/9a947804cfb8046296e2424971d0aa3cb7d9d2d7
On the topic of Web Automation, I always wanted to have a REPL environment for Chrome like I have for IE (using Watin). In the past I have explored multiple solutions, for example the use of CefSharp (see here and here). But ...

Dinis Cruz

Shared publicly  - 
 
JIRA RISK workflow handling of 'Risk Fatigue'
On an email thread related to Updated JIRA RISK workflow (now with a 'Fixing' State), I received this great question: I really like the idea of forcing someone to almost sign that they accept the risk. Forces them to really think about it. One thing I'm cur...

Dinis Cruz

Shared publicly  - 
 
Presenting at OWASP AppSecEU on "Using JIRA to manage Risks and Security Champions activities"
I just received this nice invitation from the OWASP AppSec EU today: My plan is to use this opportunity to document the JIRA workflows that I have been creating and implementing (when acting as Head of Application Security). Here are a couple of related posts:...

Dinis Cruz

Shared publicly  - 
 
Updated version of BSIMM Questions for Teams (now with all activities mapped)
Following from First pass at BSIMM questions for teams, here is an updated version of the questionnaire for developers. It looks like this and it has 3 sections: The source file is available at GitHub

Dinis Cruz

Shared publicly  - 
 
Started working on new book "Measuring Software Quality using Application Security"
Over the 3 weeks I spent in the US (in an RV with family) I started working on a book based on the ideas shown at the "New Era of Software with modern Application Security" presentation (v1.0). The current title is "Measuring Software Quality using Applicat...

Dinis Cruz

Shared publicly  - 
 
"New Era of Software with modern Application Security" presentation (v1.0)
This is the final slide deck of the "New Era of Software with modern Application Security" presentation I delivered at Codemotion Rome, which was a developer-focused conference (with 1500 attendees). Description: "This presentation will start with an overv...

Dinis Cruz

Shared publicly  - 
 
Simple Threat Model (template) - Good place to start
When teaching about Threat Models, the most common question I get is 'How do I start?'. To make this process easier, I usually recommend using the simple '1 page Threat Model' which you can see on the right (download here). The idea is to kickstart the p...

Dinis Cruz

Shared publicly  - 
 
Updated JIRA RISK workflow (now with a 'Fixing' State)
As an improvement of the workflow I showed at JIRA Workflows for handling AppSec RISKS, here is a version that adds a 'Fixing' state between 'Allocated for Fix' and 'Test Fix'. The reason for this change was to take into account projects (or components) th...

Dinis Cruz

Shared publicly  - 
 
Thinking of writing a book called "Measuring Software Quality using Application Security"
This book will be based on the ideas I've been talking about in my "New Era of Software with modern Application Security" presentation. The plan is to use my experience with Leanpub (where I have published 7 books), with the content being hosted on GitHub...