Our open web development security standard, TSS-WEB, has helped many organizations over the years in defining their own set of requirements for this area. Since web development and its security aspects change quickly, we have completely revised the standard and have also integrated OWASP SAMM v2.0, ISO/IEC 27002 and the German IT-Grundschutz-Kompendium 2020 into it. TSS-WEB v2.0 is now available at https://tss-web.secodis.com, of course still under Creative Commons.
TSS-WEB 1.8 Available
We are proud to release an updated version of our web security standard template TSS-WEB in both English and German.
Besides a few smaller fixes and changes, we modified a number of sections and updated many requirements (e.g. security testing or Secure SDLC requirements).
The content is released under the Creative Commons license and can therefore be used or modified free of charge by organizations.
New Secure Coding Guidelines & Threat Catalog Available
We at Secodis have developed extensive practical know-how in this field, especially for the Java stack and for various Web frameworks. If you need sound requirements or guidelines, we do not start from a green field but can use our existing security guidelines as a comprehensive foundation for your customization. This approach is not only cost-effective but also ensures a high quality of your requirements.
Since many customers prefer to build their guidelines within Atlassian Confluence, we now provide our guidelines and threat catalog as an export for Atlassian Confluence as well. Integration into SharePoint (via SharePoint Connector) is also possible.
A teaser of the guidelines can be found here.
Our new Book is available!
Finally, and after many months of work, the second edition of the popular book on applied Web application security by Matthias Rohr is now available as both hardcover and ebook. In this new edition Matthias has mostly focused on new technologies and practices such as DevSecOps, agile security and container security. Unfortunately, the book is only available in German.
More information is available at the official Web site of the book: https://www.webappsecbuch.de.
New Version of TSS-WEB Standard Now Available in English
We have been working really hard on an English version of our Web Security Standard Template TSS-WEB over the last couple of months. Now we are happy to announce that we have finished the draft version. As with the German version, it can be downloaded for free in PDF and Word format. The goal of this document is to provide a set of security requirements for Web-based applications and services that teams and organizations can easily copy, paste and change to implement their own standard.
New Article on Agile Security in Java Magazin
In a new article in the German developer magazine Java Magazin, Matthias Rohr of Secodis, Christian Schneider and Matthias Pöpping outline best practices for integrating security into agile development teams and processes. A teaser can be found here.
Secodis @ OWASP AppSec EU 2016
In June, Matthias Rohr will give a talk at this year's OWASP AppSec EU on Practical Threat Modeling with Microsoft Threat Modeling Tool 2016. In his talk, Matthias will present his experiences with successfully using and enhancing this new tool in various customer projects.
Speech on Secure SDLC at JAX 2015 / 23.4.2015
At this year's JAX Conference, Matthias Rohr will give a speech on best practices for integrating security into the development process (Secure SDLC). The speech will be in German. Date: 23rd April 2015, location: Rheingoldhalle, Mainz.
New Book: Web Application Security in Practice (German Language)
Finally it’s done! After many months of work the new book by Matthias Rohr is finally finished and will be available soon. In it, Matthias gives a full overview of the web application security field. In separate sections it depicts threats to Web applications, countermeasures, assessment techniques (e.g. pentests and threat modeling) as well as best practices for establishing sustainable application security within an organization. Unfortunately, the book will at first be available in German only.