Friday, November 24, 2017

Press Commentary to SC Magazine UK

I gave a press commentary earlier this week on web application security, and how the landscape has changed. Davey Winder has used some of my comments in his piece, which went live this morning. The article is called "OWASP vulnerability chart suggests web app devs are not smelling the security coffee".

The article link is attached below:

https://www.scmagazineuk.com/owasp-vulnerability-chart-suggests-web-app-devs-are-not-smelling-the-security-coffee/article/709470/

Sunday, October 8, 2017

Friday, September 8, 2017

Search Files and Copy to a Folder

It has been a herculean task creating and updating Visio files since I got a Windows virtual machine from my company for my Mac. Sharing folders, the virtual machine crashing, copying back and forth, and the numerous folders I had were making things even worse.

So, I decided to keep all Windows-specific files in one single folder so it would be easy to share those specific folders and manage them. When I did a quick search for Visio files, I found out that over the years I had created literally hundreds of them. You can imagine copying them one by one based on whether I even needed them or not.

Being an automation queen, I decided to use the same. A simple command, run once, searches all files and copies them. Hurray. Below is the command if you are looking for something similar.


msubbarao$ find . -name "*.vsd" -type f -exec cp {} /Users/msubbarao/Documents/development/visio-diagrams \;

Once this worked, I used the same for all my PowerPoint files and went a step ahead.

Meera:~ msubbarao$ find . -name "*.ppt*" -type f -exec cp {} /Users/msubbarao/Documents/development/presentations \;

Now that I have this in my blog, I can revisit these commands and get anything copied in one simple command. Yay to technology!

Friday, July 7, 2017

Building your DevSecOps pipeline: 5 Essential Activities



Published an article on building your #DevSecOps pipeline: 5 essential activities http://bit.ly/2tWJU1G on my company's blog. Read at your leisure, share your thoughts.

Tuesday, May 23, 2017

Software Test Professionals Fall Conference 2017, September 26 – 29

I will be speaking at the Software Test Professionals Fall Conference 2017, September 26 – 29, held in the DC Metro Area, on Risk Based Security Testing. It is a 60 minute session.

Below is the link to my speaker page.
Speaker - Meera

And the link to the conference page:

STP Conference

Friday, May 19, 2017

Building security into the DevOps life cycle

A new eBook I wrote for my company has just been published. Download a copy from the company website.



The primary goal when breaking the build in the CI/CD DevOps life cycle is to treat security issues with the same level of importance as quality and business requirements. If quality or security tests fail, the continuous integration server breaks the build. When the build breaks, the CI/CD pipeline also breaks. Based on the reason for the broken build, appropriate activities such as architecture risk analysis (ARA), threat modeling, or a manual code review are triggered.
This eBook provides actionable insight into:

  • Building security into your DevOps SDLC
  • Understanding the relationship between security and quality in the CI/CD pipeline
  • Coordinating various teams to ensure that the process is well defined, tools are properly configured, and developers are ready to resolve issues when the build breaks
Download the eBook from here:

Friday, March 10, 2017

Wednesday, March 8, 2017

#BeBoldForChange on International Women’s Day 2017

And here is the one I wrote for my company Synopsys.

https://blogs.synopsys.com/software-integrity/2017/03/08/beboldforchange-international-womens-day-2017/

Read at your leisure!

#BeBoldForChange

Today is International Women's Day. The UN theme for 2017 is Empowering Women: Empowering Humanity #BeBoldForChange. What better way to celebrate it than by writing a blog post about breaking the stereotype messages we hear all the time?

I am bold and strong being a woman.
I am bold and fierce being a Senior Principal Consultant in the Security Consulting world, which is dominated by Men.
I am bold and loving and caring being a Mom, in spite of having missed a few award ceremonies and a few tennis lessons for my Daughter.
I am bold and a loving Wife, and still cry on the shoulders of my amazing Husband.
I am bold and still scared while driving at night, and call my Husband.
I am bold and an amazing cook, but still crave a plate of food to be handed to me when I return from a long day at work. I enjoy every bite of it when handed to me by none other than a Man, my Husband.
I am bold and a woman, and Mentor many men at work.
I am bold and a Hindu, and still believe in the Supreme Lord Krishna.
I am bold and a staunch devotee of my beloved Guru who is again a Man.
I am bold and a confident woman, and speak at many events and conferences which are filled with Men.
I am bold and adventurous and travel alone for Work.

Who says that being a woman means living the stereotypes? I have broken several barriers, and push my Daughter, my Mentees, the women I work with, and the women I meet in my everyday life to break those barriers, and still be a woman.

To quote from the blog I wrote for my Company with minor changes:

This International Women’s Day, based on the theme I want to challenge women around the world to be brave and bold. Be BRAVE and be BOLD, sign up for new challenges which you have never accomplished. Challenge yourself to break the stereotypes.

I will close this post with a famous quote from our 44th President of the United States, Barack Obama: “Change will not come if we wait for some other person, or if we wait for some other time. We are the ones we've been waiting for. We are the change that we seek.”


Monday, March 6, 2017

Speaking at We RISE Women in Tech Conference

My talk has been selected for the We RISE Women in Tech Conference. The conference is on Friday, June 23rd and Saturday, June 24th in Atlanta, GA 30303.

You can find details about the conference and the venue at the link below:

We Rise Women in Tech Conference

Monday, August 1, 2016

Why it's time for a new approach to agile security Q&A with @MeeraSRao via @BetaNews

I did a Q&A with BetaNews about "Why it's time for a new approach to agile security Q&A".

Take a look at the same at the following link:

Link for Q&A

Defensive Programming for JavaEE Web Applications - Workshop in Kerala 18-Aug-2016

If you are in or around Kerala, come join me for a day-long workshop on "Defensive Programming for JavaEE Web Applications".

You can find all details about the workshop on the conference page located here:

http://is-ra.org/c0c0n/workshops#WS1

Monday, July 11, 2016

Overcoming the 6 Most Common Threat Modeling Misconceptions

Threat modeling promotes the idea of thinking like an attacker. It enables organizations to build software with security considerations, rather than addressing security as an afterthought. However, there are some very common misconceptions that can cause firms to lose their grip around the threat modeling process. This eBook shines a bright light onto the essentials and helps to get your bearings straight with all things related to threat modeling.

Download the complete eBook to:

  • Learn about the most common threat modeling misconceptions
  • Discover the 5 pillars of a successful threat model
  • Determine how to take control of your risk management process
The eBook is published on my company's website; you can download it from here:

Wednesday, June 15, 2016

How to Build Security Into Your Software Development Process

An amazing ebook. Download and let us know your thoughts!



To standardize the software development life cycle (SDLC), organizations implement development methodologies to fulfill their objectives in a way that best suits their organizational goals. Whether you use Agile, Waterfall, or something in between, building security into your SDLC can improve efficiency and reduce costs if it’s done the right way.
Download the complete eBook to:
  1. Learn how to add security to the various phases of your SDLC
  2. Understand how secure software development works in theory and in the real world
  3. Examine how to implement security activities with purpose
  4. See how to get started

Friday, May 20, 2016

Speaking @ Jenkins World 2016

I am excited and honored to be speaking at this year's Jenkins World 2016 Conference, to be held at the Santa Clara Convention Center, California from September 13 - 15, 2016.

If you are passionate about Security and Jenkins, then come see me talk at the conference.

I am giving a talk on "The Three Pillars Behind Continuous Security".

I have been using Jenkins from the day it was made public, when it was still called Hudson. Whether you are using Jenkins, Hudson, Bamboo or any other CI tool, this talk is definitely going to help you Build Security In.

Saturday, May 14, 2016

SECOND ANNUAL CYBERSECURITY WORKSHOP FOR WOMEN AND MINORITIES!

I am excited to be part of the panel and contributing to the "SECOND ANNUAL CYBERSECURITY WORKSHOP FOR WOMEN AND MINORITIES!" conference in Huntsville, Alabama.



The link to the page is attached below:

Conference Page

If you are in and around Huntsville, come join us.

Saturday, April 4, 2015

Women in Cyber Security

Last week, Friday and Saturday, I attended and spoke at the Women in Cyber Security Conference (WiCyS). The Conference took place in Atlanta, USA on March 27th and 28th. The main goals of the conference were:
  • Security professionals worldwide are expected to increase to nearly 4.2 million by 2015.
  • Women’s representation in this male-dominated field of security is alarmingly low.
  • WiCyS expects to raise awareness about the importance and nature of a cyber security career.
  • Hopes to generate interest among students to consider cyber security as a viable and promising career option.
All of the keynote speakers were women in top positions in Cyber Security.
  • Jenn Lesser Henley, Facebook
  • Sherri Ramsay, CyberPoint
  • Phyllis Schneck, Department of Homeland Security
  • Angela Kay, Microsoft
I gave a Technical Presentation on "Know Your Enemy, and Yourself: Demystifying Threat Modeling".
I was amazed to see so many women and young college girls attend the conference. This being just the second year of the conference there were 500 security professionals who attended. It was an interesting mix of students, professors and security professionals who attended.


I am glad I was able to find the Job which is my passion. I work like crazy and never complain, except about the traffic when I go to work.

If you know anyone who is interested in joining this profession, either here in the United States or in Bangalore, India, leave a comment and send me your resume.

Yes, you read it correct. My Company Cigital has a branch in Bangalore, India. 

Friday, December 19, 2014

Getting All Maven Dependencies

If you are running any static analysis tool for Java, you know how hard it is to get all the dependencies from a client. This is especially true if the application uses a Maven build. Most clients use Nexus, which makes it even harder to get the libraries needed to compile.

During one such engagement, one of my team members was struggling to compile the code. And anytime you have compilation errors, many of the static analysis tools produce 0 findings.

That's when I sent this simple command line option to my team member, who in turn was able to ask the client to send them all the dependencies using this command. This worked like a charm: we had all the libraries required to compile the code, the tool was happy, we were happy and the client was happy as well.

So, here it is. Make sure you can compile the code without any errors.

From a command line within your project, run "mvn clean compile"


Next, once you have a clean compilation, run the command "mvn dependency:copy-dependencies". This will copy all the dependencies into the target\dependency folder.


Take a look at the target\dependency folder, you have all the libraries to compile and can now configure any tool to scan your code successfully.






Sunday, October 12, 2014

Apache Commons CLI - A Simple Example

As the saying goes, "Out of Sight, Out of Mind": I was unable to remember how often I had used the Apache Commons CLI API in my Developer days. Now that I mostly work on Security engagements, when I was reminding one of our Consultants to use command line options, I couldn't remember the name of Commons CLI.

As soon as I got back home from the client site, I fired up my laptop, and there it was: the code written several years back which used the Apache Commons CLI API.

The best way to get access to these code examples is to blog here, and you have it handy anywhere in the world, right?

The Commons CLI has great documentation on its website. Take a look:

http://commons.apache.org/proper/commons-cli/

Follow the steps below to get it up and running in a few minutes:

1. Download Commons CLI from here:
http://commons.apache.org/proper/commons-cli/download_cli.cgi

2. Create a simple Main class:

3. As seen in the above screenshot, use org.apache.commons.cli.Options to specify the command line options. For mandatory options, use .isRequired().

4. Add descriptions to each command line option.

5. Next, parse command line input with set options as shown below:


6. Finally, get the individual command line options using the CommandLine object. For the ones which are optional, check if the argument is available using the .hasOption method.

7. Now run the jar file from the command line and you are all set. If an option which is required is not set, it will print the help message as shown below:



8. If all the required options are specified, you see a message as such:


That's all it is for using the Apache Commons CLI. Happy Coding.