This is a list of papers and presentations I have written, or contributed to, on the subject of software security (~application security) in modern software development.
By "modern", I mean:
I am lecturing a basic course on software security, with emphasis on threat modelling and being able to build secure software in a commercially viable fashion.
These are evolving presentations, and the slides might not correspond exactly to any single specific delivery.
Discovering privacy requirements in software development. Most recently presented at OWASP Helsinki / IAPP KnowledgeNet in January 2015 and at Forum för Dataskydd in Stockholm in February 2015.
2014: Handbook of The Secure Agile Software Development Life Cycle has one article from me talking about the same thing as the 2012/2013 presentation, above; and another article describing prototype Generic Security User Stories that is also mentioned in the stuff below.
2011: Software security in agile product management (PDF). This is an older paper that I still keep up for reference. I no longer agree with everything I wrote back then. Please have a look at the more recent presentations and articles.
Feedback is always welcome. Contact info.