Our open web development security standard, TSS-WEB, has helped many organizations over the years defining their own set of requirements for this area. Since web development and its security aspects changes quickly, we’ve completely revised the standard and have also integrated OWASP SAMM v2.0, ISO/IEC 27002 and German IT-Grundschutz-Kompendium 2020 into it. TSS-WEB v2.0 is now available at https://tss-web.secodis.com, of course still under Creative Commons.
We are proud to release an updates version of our web security standard template TSS-WEB in both English and German language.
Besides a few smaller fixes and changes, we modified a number of sections and updated many requirements (e.g. security testing or Secure SDLC requirements).
The content is released under the Creative Common license and can hence be used or changed for free by organizations.
We at Secodis have developed extensive practical know-how in this field, especially for the Java stack and for various Web frameworks. If you need sound requirements or guidelines we do not start in a “green-field” but can use our existing security guidelines as a comprehensive foundation for your customization. This approach is not only cost effective but ensures a high quality of your requirements as well.
Since many customers prefer to build their guidelines within Atlassian Confluence, we now provide our guidelines and threat catalog as an export for Atlassian Confluence as well. Integration into SharePoint (via SharePoint Connector) is possible as well.
A teaser of the guidelines can be found here.
Finally, and after many months of work, the second edition of the popular book on applied Web application security by Matthias Rohr is now available as both hard cover and ebook. In this new edition Matthias has mostly focused on new technologies and practices such as DevSecOps, agile security or container security. Unfortunately, the book is only available in German.
More information is available at the official Web site of the book: https://www.webappsecbuch.de.
We have been working really hard on a English version of our Web Security Standard Template TSS-WEB the last couple of months. Now we are happy to announce that we’ve finished th draft version. As of the German version it can be downloaded for free in PDF and Word format. The goal of this document is to provide a set of security requirements for Web-based applications and services that teams and organizations can easily copy-paste and changes to implement their own standard.
In June, Matthias Rohr will give a talk on this years OWASP AppSec EU on Practical Threat Modeling with Microsoft Threat Modeling Tool 2016. In his talk, Matthias will present his expierences with successfully using and enhancing this new tool in various customer projects.
On this years JAX Conference, Matthias Rohr will give a speach on best practices for implementing security into the development process (Secure SDLC). The speach will be in German. Date: 23rd, April 2015, location: Rheingoldhalle, Mainz.
Finally it’s done! After many months of work the new book from Matthias Rohr is finally finished and will be available soon. In in, Matthias will give a full overview of the web application security field. In seperated sections it will depict threats for Web applications, countermeasures, assessment techniques (e.g. pentests and thrat modeling) as well as best practices for establishing a sustainable application security within the organization. Unfortunatelly, the book will be at first available in German language only.