Tag: checklist

  • Python Security Showdown: Which Tool Actually Protects Your Code?

    On an almost daily basis, I see new Static Application Security Testing (SAST) tools emerging. Nearly all of these new solutions are powered by LLMs and offered exclusively as SaaS products.

    Security is not a trivial matter. High-quality security tools are essential to protect your organisation. What is far more dangerous, however, are professional-looking cybersecurity tools that claim to deliver robust protection but, in reality, provide poor results. Tools of low quality do not just fail to protect you — they create a false sense of security. And that risk is enormous.

    (more…)

  • Python Secure Coding Guidelines

    In today’s digital world, security remains a critical concern. This applies equally to Python software. Security breaches that are possible when running untrusted Python programs are real.

    This checklist is intended for anyone who wants to create Python programs that are secure by design.

    Programming in Python is fun, but when you create programs for others, you SHOULD prevent introducing security weaknesses.

    (more…)

  • Is Pydantic as safe as it Is popular?

    If you want to keep complexity low and minimize security risks, you always need to decide whether using an external Python library is the right choice.

    Practising 0Complexity design principles is never easy. But when it comes to security and minimising dependencies, you should weigh the advantages and disadvantages of using any external Python library.

    Don’t get me wrong: many FOSS Python libraries are excellent, well-maintained software and you’d be foolish not to use them when appropriate.

    So before using a new module in an MVP, running a quick and simple Static Application Security Test (SAST) on the external Python module will provide valuable information from a security point of view.

    (more…)

  • Privacy Benchmark your site

    Maybe you have noticed it. Privacy is an issue. A bit strange since there are only 16 days left until the new EU General Data Protection Regulation (GDPR) will become fully enforceable throughout the European Union.

    So before end of May 2018 all organizations that process data of EU citizens must comply with this General Data Protection Regulation. Determining how to design and improve your systems to meet the GDPR is not straightforward. But before you are done it is advised that you perform a view simple privacy tests. Especially on your website(s). (more…)

  • Architecture checklists

    An architecture checklist helps in the governance process. Architecture checklists can become long, complex and time consuming in usage. However the aim with this architecture checklist is that it will help you and all your stakeholders involved in a simple way when you are dealing with architecture quality and risk aspects.

    This architecture checklist is composed out of some critical questions that all relate back to the main goal of doing architecture in the first place.

    Simple architecture checklist questions:

    • Is your main goal covered and reached with this architecture?
    • Does the architecture address operability?
    • Does the architecture address the following quality attributes:
      • performance
      • availability
      • maintainability
      • modifiability
      • security
      • privacy
      • testability
      • operability
      • flexibility
    • Does the architecture address and use principles? E.g. business principles.
    • Can implementation risks easily be derived out of your architecture deliverables?
    • Are architecture reviews done in a structured way? Architecture reviews SHOULD be performed to increase quality, control costs and reduce risks.
    • Is it clear what assumptions are used for your architecture? (Take explicit and implicit assumptions into account!)