Reports and Guides
For a second year in a row, Security Innovation has been named a Leader in the Gartner Magic Quadrant for Security Awareness Computer Based Training. Read about our program and why we were selected as a Leader.
Organizations face serious challenges with online payment card security and protecting confidential information. Read the findings from the Ponemon Institute and learn about major trends in PCI-DSS and security awareness training.
Educating employees on security best practices can drastically reduce the risk of a data breach within your organization. Following these five simple steps and knowing what to avoid when implementing a program will have you on your way to better online security.
The Ponemon Institute independently surveyed 642 IT professionals in both executive and engineering positions. This study details their views on the current state of application security, including opinions on security standards, training, and assessments.
Many organizations use the OWASP Top 10 to focus their application security and compliance activities. Learn more about the OWASP Top 10, why it's important, and how it can help you with compliance requirements.
Learn about five common information security mistakes organizations make and recommendations and best practices for building and maintaining a successful information security practice.
Examine the major challenges of software security risk management and the concept of Software Security Total Risk Management (SSTRM), an innovative approach by which enterprises apply software security development and assessment best practices to enhance business revenue and protect against losses.
The Application Security Maturity (ASM) model was developed by Security Innovation and is based on analysis of 10 years' worth of data about organizations and their security investments in technology, people, and processes. Learn why the ASM model was created, how it works, and how it can help fine-tune your security-related investments.
Learn a practical approach towards mapping application security to compliance requirements, including why application security is difficult for most compliance teams, creating an action plan that endorses application security best practices, and how to document these best practices for auditing purposes.
This paper describes complete lifecycle activities aimed at producing more secure and robust code that can better withstand attacks.
Every organization is unique and needs its own customized approach to ensure the success of its training program. This guide presents best practices for taking a "many-hats" approach, including creativity, engaging materials, formal structures for learners to navigate, and a solid rooting in how people learn and apply new skills in their jobs.
This guide discusses ways organizations can make sense of the OWASP Top Ten to improve application security, including implementing OWASP best practices into a training program and into the SDLC.
This paper is designed for IT Risk Management, Information Security, and Management personnel seeking a more effective way to identify and prioritize risk. It describes the activities involved in application threat modeling and its goal in the context of IT risk management.
This guide focuses first on identifying the types of issues you should look for in the code being reviewed, and then on finding these bugs as quickly and effectively as possible. It also describes how you can use threat models, architecture diagrams, and other inputs to help guide your review.
Written by our VP of Services, Joe Basirico, this guide teaches how to leverage your alter ego using your imagination and existing knowledge to more thoroughly test your web applications.
There is an accepted five-step process for developing software. This guide describes the typical activities in a team development process and the unique benefits that enable an organization to move through the process in an orderly manner.
This Ponemon Institute 2015 survey of over 500 automotive developers, engineers, and executives provides new insights to help automotive software suppliers understand the current mindset of their developers and build security and safety into their software.
Security Innovation teams up with Frost & Sullivan, a leader in the connected car industry, to analyze key cybersecurity challenges, identify solutions, and capture best practices for building security properly into vehicles.
Written by five Microsoft experts and Security Innovation's CTO Jason Taylor, this paper describes the key components of security engineering including identifying secure objectives, creating threat models, performing code reviews, and more.
This guide outlines three guidelines that embedded software teams must follow to help protect critical M2M systems against failure and malicious attack: addressing security early on, building security into development, and protecting systems from unauthorized changes.
Examine threat modeling and learn how it can be used in concert with secure development best practices, including automated source code analysis, peer code reviews, and penetration testing to both identify and mitigate embedded software threats.