Pete Herzog

Pete knows how to solve very complex security problems. He's co-founder of the Institute for Security and Open Methodologies (ISECOM). He created the international standard on security testing and analysis and Hacker Highschool.

Posts by Pete Herzog
  • 3 Jobs Other than Developers That Need to Know Application Security

    Who is responsible for software security? This question has been asked by many in the industry. It’s asked because when major software vulnerabilities lead to data breaches or major problems, some may want to know who to blame. Others want to know how to prevent such mistakes in the future. Where should resources be directed to help prevent software vulnerabilities? Focus has increased… READ MORE

  • Zero to Hashing in under 10 Minutes: Argon2 in Nodejs

    View a screencast walkthrough of the material in this post. Those who work with the Agile methodology expect change. The security field is no different. It’s hard for developers to keep up with all of the changes in application security practices. In fact, it’s sometimes difficult for security experts to keep up with the same changes. A recent change (in security terms) occurred when a new… READ MORE

  • How Do You Encourage Developers to Be Passionate about Security? Give Them Some Grit

    Most security teams and security executives want developers to care about application security. This is not to say that developers don’t care about security. Such a sweeping generalization is simply not appropriate. There are developers who care. Still, what organizations want most is to increase the number of developers that do care and decrease security bugs in their software. No one… READ MORE

  • Use Golang? These Mistakes Could Compromise Your App’s Security

    The Go Programming Language, sometimes referred to as Golang, is Google’s new programming language. It was released in 2009 and has developed a growing fanbase of developers. The TIOBE index, which measures the popularity of programming languages at any given time, has shown steady growth in popularity for Go since it was released. In May 2015, Go was #122 on the TIOBE index… READ MORE

  • Learn from Your Mistakes: How to Create Feedback Loops for Better Security

    As software grows in complexity, the chance that vulnerabilities are present increases. Experiencing some software vulnerabilities is almost inevitable, but you shouldn’t need to experience the same well-known vulnerabilities appearing over and over again in the same application. Your company probably undergoes penetration tests. Hopefully, you have a bug bounty program as well. But what happens… READ MORE

  • How Secure Are Popular Web Frameworks? Here Is a Comparison

    There is no shortage of web development languages and frameworks. Developers have many factors to consider when selecting which framework to use. Security is one of those factors, especially when developing a critical application for the business. In this post, we’ll discuss how five popular frameworks tackle common security issues. We’ll discuss how these frameworks measure up to the OWASP… READ MORE

  • Why Hands-on Security Training Is Essential for Developers, and How to Do It

    When you ask developers what they think of security training, they will likely go into the situation without much enthusiasm as security training can be monotonous if it isn't thoughtful and mindful of the needs of developers. Developer security training is important because developers are the ones writing the code in the first place. However, most security training leaves developers bored… READ MORE

  • OWASP 2017 Top 10: Let’s Change the List, Part 2

    The Open Web Application Security Project (OWASP) has been releasing its Top 10 list of common risks since 2003. The OWASP Top 10 2017 is the latest release in a long line of Top 10 lists. This is part two in a two-part post. If you haven’t already, check out Part One first! OWASP Top 10 2017 – 6: Security Misconfiguration Security misconfiguration has been on the list for a while. It can… READ MORE

  • OWASP 2017 Top 10: Let’s Change the List

    The Open Web Application Security Project (OWASP) has been releasing its Top 10 list of common risks since 2003. The OWASP Top 10 2017 is the latest release in a long line of Top 10 lists. There are some risks that stick around from iteration to iteration. Some are new, some have left. If you’re a developer, you can help eliminate these risks from the next Top 10 list. If you’re a CISO, security… READ MORE
