Security Reviews: The Heuristics Zoo, Part 2/2

Introduction (Part I) | The Heuristics Zoo, Part 1/2

Note: the standard Disclaimer expressed in Part I applies here as well. Heuristic 5: “Area Expertise” and “Penetration Testing”. These two seemingly different techniques share a lot in how they approach managing the complexity of security reviews, so I will consider them together. “Area Expertise” is simply learning….


Security Reviews: The Heuristics Zoo, Part 1/2

Initially meant to fit into one chapter, this text grew quickly and I had to split it into two. So there will be four parts of the article in total. The Introduction (or Part I) is here. <Disclaimer>By no means is this list “complete”. I think every security person on the planet can add a couple of extra good…


Practice and Theory of Security Reviews

Click here if you want to skip all the theory and just go to the Security Reviews Heuristics Zoo. If you are a software security professional, you might sometimes have been asked to conduct a “security design review”. If you felt lost at that point, this article may help you. Here I tried to summarize my…