Guides and Materials

Members of the Proactive Risk crew have contributed to many industry guides and technical projects. Below are some of the materials that can help you gain a valuable perspective.

 

Tactical Threat Modeling


White Paper

Threat modeling, a key technique for architecting and designing systems securely, is a method that many SAFECode members employ. This paper leverages SAFECode members’ insights to offer effective ways to better integrate threat modeling and provides a great resource for organizations that are looking to integrate threat modeling into their own development processes and teams.


How to HACK Web Applications Manually

Whitepaper

The well-known methodology document about conducting web application security assessments, a prerequisite for those seeking guidance on classes of attack and how to test for them manually.


Building a Better Incident Response Program (IRP)

Whitepaper

Breaches happen every day, as you learn from the news. Is your business prepared?

This project provides a proactive approach to Incident Response planning.


Building Code for Medical Device Software Security

Whitepaper

The elements presented here aim to start builders of software for medical devices down the road toward a building code for software security that will reduce the vulnerability of their systems to malicious attacks, just as codes for physical buildings help their designers and builders create structures that resist threats from fire, wind, water and, in some cases, malicious attacks.


Managing Security Risks Inherent in the Use of Third-party Components


Whitepaper

This paper breaks down the process and procedures developers need in order to test, improve, and quantify the security of third-party components.


RFP Criteria


Whitepaper

The project is written to raise the visibility of software security-related questions that buyers of services should consider, for example when issuing a request for quote or during the procurement process.


OWASP SwitchBlade

Download

OWASP SwitchBlade is an open source program that allows you to perform Denial of Service attacks on web applications.
 
If you are a web app developer, it is a great tool for you: you can use it to test the stability of your web applications against HTTP POST, Slowloris, and SSL renegotiation attacks.
 

Peanut Butter and Jelly Risk Management

Webinar On Demand

This interactive session with Security Scorecard and PENTESTON® will provide you with a solution for meeting New York State Department of Financial Services 23 NYCRR 500.

This is particularly relevant for the following requirements:

  • 500.02 (Cyber Security Program)
  • 500.03 (Cyber Security Policy)
  • 500.05 (Penetration Testing and Vulnerability Assessment)
  • 500.09 (Cyber Security Risk Assessment)