TSS-WEB 1.6 Available

We are proud to release an updated version of our web security standard template TSS-WEB in both English and German.

Besides a few smaller fixes and changes, we modified a number of sections, updated many requirements (e.g. service security), and integrated coverage for OWASP Top Ten 2017 and ISO 27002. Details about the changes can be found in the changelog.

The content is released under the Creative Commons license and can hence be used or changed for free by organizations.

New Secure Coding Guidelines & Threat Catalog Available

We at Secodis have developed extensive practical know-how in this field, especially for the Java stack and for various Web frameworks. If you need sound requirements or guidelines, we do not start from a “green field” but can use our existing security guidelines as a comprehensive foundation for your customization. This approach is not only cost-effective but also ensures a high quality of your requirements.

Since many customers prefer to build their guidelines within Atlassian Confluence, we now provide our guidelines and threat catalog as an export for Atlassian Confluence as well. Integration into SharePoint (via SharePoint Connector) is also possible.

A teaser of the guidelines can be found here.

Our new Book is available!

Finally, and after many months of work, the second edition of the popular book on applied Web application security by Matthias Rohr is now available as both hardcover and ebook. In this new edition, Matthias has mostly focused on new technologies and practices such as DevSecOps, agile security or container security. Unfortunately, the book is only available in German.

More information is available at the official Web site of the book: https://www.webappsecbuch.de.

New Version of TSS-WEB Standard Now Available in English

We have been working really hard on an English version of our Web Security Standard Template TSS-WEB over the last couple of months. Now we are happy to announce that we’ve finished the draft version. As with the German version, it can be downloaded for free in PDF and Word format. The goal of this document is to provide a set of security requirements for Web-based applications and services that teams and organizations can easily copy, paste and change to implement their own standard.

New Book: Web Application Security in Practice (German Language)

Finally it’s done! After many months of work, the new book from Matthias Rohr is finally finished and will be available soon. In it, Matthias will give a full overview of the web application security field. In separate sections it will depict threats for Web applications, countermeasures, assessment techniques (e.g. pentests and threat modeling) as well as best practices for establishing sustainable application security within the organization. Unfortunately, the book will at first be available in German only.