Threat Modelling using STRIDE

I’ve worked on a couple of threat modelling jobs for Wire-Security. We take a STRIDE approach to the methodology. You’ll come across many resources online, from other bloggers and the like, that will be a far more comprehensive guide for some people, but I’m going to keep it simple here, and hopefully satisfying, and write about what works for us.

STRIDE works well as a guide for writing part of your report; however, we also need to add a graphic.

Flow Diagram


How to Pentest Mobile Apps in 2020 - A Sensible Approach

Introduction

I'm Jabo and I'm a consultant here at Wire Security. I've been an app developer since 2012 and I'm just getting started in my career in security. I've always felt like a hacker and these days I'm over the moon to actually be one! I'm going to be writing more articles here regularly so please remember to check back and keep an eye on our company Twitter feed: @Wire_Sec

Old News…

Is Black Box Testing dead?

Introduction

When I was reading through the OWASP ASVS 4.0 PDF a few weeks ago, I was stopped in my tracks as early as page 10, specifically by the following quotes: "Black box testing is not effective assurance and must stop." "Over the last 30+ years, black box testing has proven over and over again to miss critical security issues that led directly to ever more massive breaches."

Now, let me preface this with the clarification that this post is not an attack…

Thoughts on Security Policies

Introduction

I was asked to write my thoughts about security policies down by a good friend of mine and spent the better part of a Sunday morning in April thinking about the topic. This post is the unedited version of the thought process. I'm sharing it here because it might prove useful for some of you.

How we got here

Security policies, for most organizations, came into vogue in the early 2000s as it became apparent that IT infrastructures were becoming more and more import…