Thursday, 23 June 2016

40 technologies used on the 'Maturity Models' nodeJS application

I've been working on an Maturity Model application to help me manage a project where I'm doing an large BSIMM mapping exercise.

The tech stack is based on NodeJS + Angular, and it looks like this:

Tuesday, 21 June 2016

OWASP Mobile Top 10 2016 (Release candidate)

When looking a mobile applications security a great place to start is the OWASP Mobile Top 10 2016 which is currently in its release candidate state (previous version can be found here)

When doing a Threat Model of an mobile application, in addition to the STRIDE questions, go through these 10 items and ask the questions:

Should dependencies be committed to main source-code repo?

What do you think?

Please cast your vote here

Sunday, 19 June 2016

Working on major update of 'Practical Angular JS' book

(email I just sent to my Leanpub readers that chose to be contacted directly)

Thanks for being an reader of my Practical Angular JS book and allowing me to contact you directly with updates (you chose to share your email with me).

The first version of the book was mainly made of blog posts I published at, and it took me a while to figure out how to best complete the book. 

Recently I started working on an project (creating Maturity Models mappings and visualisations for BSIMM) which I was able to open source. This project is a clean implementation of my ideas of how to code and test AngularJS, and once I had the first version of the app working, I realised that this was a perfect first for this Practical Angular JS book.

My current plan is to split the book in to two parts, where 'Part I' is the new content, and 'Part II' is the existing (published content).

Thursday, 9 June 2016

Link to join OWASP Slack

If you want to participate in one of the multiple great AppSec channels at and don't have an account, please use this link:

(posting this a blog so that it is easy to find on Google)

Some draft content on JIRA RISK workflows

On the Software Quality book that I'm writing, I've started to map out the JIRA RISK workflows (as described in this previous blog post)

Here are some of the (very draft) chapters that I have written on this topic.

Let me know what you think of these concepts

Sunday, 5 June 2016

6 sections added to Software Quality Book (on AppSec and Testing)

I have been slowing working on my Software Quality book (with tons of notes captured on small Moleskine notebooks and new audio recordings).

Here are the sections I worked on this week:

Please let me know what you think of them, and if you spot any issues or have comments to make, feel free to open an Issue or send a Pull Request