Dinis Cruz
Dinis Cruz

Threat Model Community
(from Software Quality book) There is currently (late 2016) space within the application security world to develop a community focused on Threat Modeling. Such a community would allow the many parties working on Threat Modeling to share information and provid...

Dinis Cruz

AppSec should buy tools for developers
(from Software Quality book) This is a great opportunity to generate goodwill and positive working relationships with developers. If the AppSec team is able to actually find the budget for tools, it will help developers be more productive. Two great example...

Dinis Cruz

I Abuse the term ‘Unit Test’
(from Software Security Book) For me a Unit Test is a test of a 'unit'. The only question is how big is that 'unit'. If you go to the Wikipedia page for List of Unit Testing Frameworks you will see a large list of 'unit test' frameworks which range from tradit...

Dinis Cruz

Graduates to manage JIRA
(from Software Quality Book) One of the challenges of the JIRA RISK workflow is managing and maintaining the opened issues. This can be a considerable amount of work, especially when there are 200 or more issues. Note that, in large organizations, the numbe...

Dinis Cruz

Know what was not tested
(from Software Quality Book) When you're reading an application security report (like a pentest), one of the most important questions that you should get an answer to is 'What tests did they run?'. This is especially important for the tests (i.e. exploi...

Dinis Cruz

Presentation "Turning TDD upside down - For bugs, always start with a passing test" v0.5
Here is the presentation I delivered at LSCC (London Software Craftsmanship Community) on the 22nd Sep 2016.
Title: Turning TDD upside down - For bugs, always start with a passing test
Description: The common workflow in TDD is to write failing tests. The probl...

Dinis Cruz

The business model of selling a fork
(from Software Security Book) An open source based business model that I really like is the idea that the company (or team) behind a particular open source project sells a fork of the master repository that is customised and/or maintained for a particula...

Dinis Cruz

Developers need data classification
(from Software Security Book) Every type of data that exists in an organisation, especially the data that is consumed by applications, needs to have a Data Classification mapping. Developers need to know if a particular piece of data is sensitive, and what ...

Dinis Cruz

Putting Data in PasteBin
(from Software Quality book) One of the best ways to make Developers, Architects and Managers understand confidentiality of data hosted by their application is to ask the question, 'Can we put all of the data on your database on PasteBin?' [^PasteBin] Tha...

Dinis Cruz

Describe Risks as Features rather than as Wishes
(from Software Quality Book) When opening up a risk JIRA ticket, it is key to describe the exact behavior of that issue as a feature, versus how you would like to see it happening (i.e. your wish list). For example: instead of saying 'application should enco...

Dinis Cruz

Broken Tests Aren't The Problem
(from Software Quality Book) It is quite worrying how many times you hear complaints about tests' execution (for example their speed or how hard they are to maintain). These complaints can be so strong that they can even question if the tests are 'worth it'...

Dinis Cruz

Using JIRA to manage RISKS - v1.0 - OWASP AppSec EU - June 2016
Here is the presentation I just delivered at OWASP's AppSec EU in Rome: Using JIRA to manage risks v1.0 - OWASP AppSec EU - June 2016, from Dinis Cruz