I gave a press commentary earlier this week on web application security, and how the landscape has changed. Davey Winder has used some of my comments in his piece, which went live this morning. The article is called "OWASP vulnerability chart suggests web app devs are not smelling the security coffee".
The article link is attached below:
https://www.scmagazineuk.com/owasp-vulnerability-chart-suggests-web-app-devs-are-not-smelling-the-security-coffee/article/709470/
Friday, November 24, 2017
Sunday, October 8, 2017
Building application security in from start to finish - SD Times Article
I was interviewed by the SD Times website. Attached is the link for the interview, posted on October 1st, 2017.
http://sdtimes.com/building-application-security-start-finish/
Friday, September 8, 2017
Search Files and Copy to a Folder
It has been a herculean task creating and updating Visio files since I got a Windows Virtual Machine from my company for my Mac. Sharing folders, the virtual machine crashing, copying back and forth, and the numerous folders I had were making things even worse.
So, I decided to keep all Windows-specific files in one single folder so it would be easy to share those specific folders and manage them. When I did a quick search for Visio files, I found out that over the years I had created literally hundreds of them. You can imagine copying them one by one based on whether I even need them or not.
Being an automation queen, I decided to use the same. A simple command, run once, to search all files and copy them. Hurray. Below is the command if you are looking for something similar.
msubbarao$ find . -name "*.vsd" -type f -exec cp {} /Users/msubbarao/Documents/development/visio-diagrams \;
Once this worked, I used the same for all my PowerPoint files and went a step ahead.
Meera:~ msubbarao$ find . -name "*.ppt*" -type f -exec cp {} /Users/msubbarao/Documents/development/presentations \;
Now that I have this in my blog, I can revisit these commands and get anything copied in one simple command. Yay to technology!
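An added example, not part of the original post: the find commands above flatten many folders into one, so two files with the same name in different folders overwrite each other without warning, and a second run can find the copies again if the destination sits under the search root. The sketch below keeps both copies and skips the destination during the search; the function name collect_files and the -1, -2 suffix scheme are assumptions made for this illustration.

```shell
# collect_files PATTERN DEST [ROOT]  (hypothetical helper, not from the post)
# Copies every file under ROOT matching PATTERN into DEST without overwriting.
collect_files() {
    pattern=$1
    mkdir -p "$2" || return 1
    # Absolute paths so the -path test below matches what find prints.
    dest=$(CDPATH= cd -- "$2" && pwd -P) || return 1
    root=$(CDPATH= cd -- "${3:-.}" && pwd -P) || return 1

    # -prune skips DEST itself, so a re-run does not pick up earlier copies.
    find "$root" -path "$dest" -prune -o -type f -name "$pattern" \
        -exec sh -c '
            dest=$1; shift
            for src do
                base=${src##*/}
                case $base in
                    *.*) stem=${base%.*}; ext=.${base##*.} ;;
                    *)   stem=$base;      ext= ;;
                esac
                target=$dest/$base
                n=1
                while [ -e "$target" ]; do
                    # Same bytes already collected: nothing to copy.
                    if cmp -s "$src" "$target"; then target=; break; fi
                    # Same name, different content: try plan-1.vsd, plan-2.vsd ...
                    target=$dest/$stem-$n$ext
                    n=$((n + 1))
                done
                if [ -n "$target" ]; then cp -p "$src" "$target"; fi
            done
        ' sh "$dest" {} +
}

# Usage, mirroring the commands in the post:
#   collect_files "*.vsd"  ~/Documents/development/visio-diagrams .
#   collect_files "*.ppt*" ~/Documents/development/presentations .
```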
Friday, July 7, 2017
Building your DevSecOps pipeline: 5 Essential Activities
Published an article on building your #DevSecOps pipeline: 5 essential activities http://bit.ly/2tWJU1G on my company's blog. Read at your leisure, share your thoughts.
Tuesday, May 23, 2017
Software Test Professionals Fall Conference 2017, September 26 – 29
I will be speaking at the Software Test Professionals Fall Conference 2017, September 26 – 29, held in the DC Metro Area, on Risk Based Security Testing. It is a 60-minute session.
Below is the link to my speaker page.
Speaker - Meera
And the link to the conference page:
STP Conference
Friday, May 19, 2017
Building security into the DevOps life cycle
A new eBook I wrote for my company has just been published. Download a copy from the company website.
The primary goal when breaking the build in the CI/CD DevOps life cycle is to treat security issues with the same level of importance as quality and business requirements. If quality or security tests fail, the continuous integration server breaks the build. When the build breaks, the CI/CD pipeline also breaks. Based on the reason for the broken build, appropriate activities such as architecture risk analysis (ARA), threat modeling, or a manual code review are triggered.
This eBook provides actionable insight into:
- Building security into your DevOps SDLC
- Understanding the relationship between security and quality in the CI/CD pipeline
- Coordinating various teams to ensure that the process is well defined, tools are properly configured, and developers are ready to resolve issues when the build breaks
Download the eBook from here:
Friday, March 10, 2017
New Apache Struts 2 Zero-Day Vulnerability: What You Need to Know
Synopsys just published an article about the critical Struts 2 vulnerability. Read it to learn how to mitigate it.
https://blogs.synopsys.com/software-integrity/2017/03/10/apache-struts2-zero-day-vulnerability/
Wednesday, March 8, 2017
#BeBoldForChange on International Women’s Day 2017
And here is the one I wrote for my company Synopsys.
https://blogs.synopsys.com/software-integrity/2017/03/08/beboldforchange-international-womens-day-2017/
Read at your leisure!
#BeBoldForChange
Today is International Women's Day. The UN theme for 2017 is Empowering Women: Empowering Humanity #BeBoldForChange. What better way to celebrate it than by writing a blog post about breaking the stereotype messages we hear all the time?
I am bold and strong being a woman.
I am bold and fierce being a Senior Principal Consultant in the Security Consulting world, which is dominated by Men.
I am bold and loving and caring being a Mom, in spite of having missed a few award ceremonies and a few tennis lessons for my Daughter.
I am bold and a loving Wife, and still cry on the shoulders of my amazing Husband.
I am bold and still scared while driving at night, and call my Husband.
I am bold and an amazing cook, but still crave for a plate of food to be handed to me when I return from a long day at work. I enjoy every bite of it when handed to me by none other than a Man, my Husband.
I am bold and a woman, and Mentor many men at work.
I am bold and a Hindu, and still believe in the Supreme Lord Krishna.
I am bold and a staunch devotee of my beloved Guru, who is again a Man.
I am bold and a confident woman, and speak at many events and conferences which are filled by Men.
I am bold and adventurous and travel alone for Work.
Who says that being a woman means doing the stereotypes? I have broken several barriers, and push my Daughter, my Mentees, women I work with, and women I met in my everyday life to break those barriers, and still be a woman.
To quote from the blog I wrote for my Company with minor changes:
This International Women’s Day, based on the theme, I want to challenge women around the world to be brave and bold. Be BRAVE and be BOLD, sign up for new challenges which you have never accomplished. Challenge yourself to break the stereotypes.
I will close this post with a famous quote from our 44th President of the United States, Barack Obama: “Change will not come if we wait for some other person, or if we wait for some other time. We are the ones we've been waiting for. We are the change that we seek.”
Monday, March 6, 2017
Speaking at We RISE Women in Tech Conference
My talk has been selected for We RISE Women in Tech Conference. The conference is on June 23rd Friday and June 24th Saturday at Atlanta, GA 30303.
You can find details about the conference and the venue at the link below:
We Rise Women in Tech Conference