Evan Oslick

Evan Oslick works with businesses to create software assurance programs, perform security reviews, and develop software to streamline business processes. Evan has created several software assurance programs from scratch and been involved with many large-scale assessment deployment efforts.
Posts by Evan Oslick

Vulnerability Management: The Art of Cleaning Up Threats

October 29, 2015  | Managing AppSec

A security organization has set up threat modeling. They have implemented static, interactive and dynamic application security testing. All of them are reporting vulnerabilities. What happens next? How does an organization handle all these findings? Vulnerability management is the process of categorizing and remediating threats, and this process needs to be a collaboration between software...

SDLC Best Practices: 5 Ways to Bridge the Application Security Gap

September 28, 2015

The biggest challenge for organizations trying to deliver secure applications is integrating application security within the entire software development lifecycle (SDLC). The SANS "2015 State of Application Security" report released in May shows this gap between builders and defenders is closing, however. By implementing the following five SDLC best practices as presented in the report,...

Software Security Assurance Requires Relationships

June 3, 2015

Any successful engineering endeavor requires a strong relationship between engineers and clients. Similarly, the success of a software security assurance program hinges on a key relationship: one between security and software engineering teams. Software engineering teams are under a significant amount of stress. There are constant struggles for power, competing requirements to address, most lack...

5 Steps Every Data Breach Response Plan Must Have

May 8, 2015

A successful data breach response plan starts with identifying the teams (both internal and external) responsible for handling a response, finalizing communication plans and rehearsing the process. When it comes time to act, it's imperative everyone is able to remain focused, react quickly and adhere to the following five steps: 1. Isolate the Impacted System(s) System isolation is beneficial...

How an Agile Development Process Fits into the Security User Story

November 4, 2014

The Agile development process focuses on user stories in order to build products. These stories are delivered in "sprints," which are intended to provide quick feedback. And while that quick feedback is important, the process behind it — which comprises whatever work is conducted during a sprint — comes with a major downside: constant architectural refactoring. The analyst group Securosis...
