LOGIN
התחברות או הרשמה
להמשך הרשמה ידנית – לחץ על כפתור ההרשמה, להרשמה/כניסה מהירה בעזרת חשבון רשת חברתית – לחץ על הלוגו בכותרת
הרבה זמן ידעתי שאני אגיע ל european…
מה אנחנו המנהלים חושבים על הכשרות העובדים…
איך ליצור יחסי עובד-מנהל טובים ואיך ליצור…
A real fact-check. Beware of cunning tricks in technical writing.Continue reading on Medium »
CISA recently released the top 10 reasons for security lapses in well-established enterprises that have strong security posturing. It is interesting to see that the top lapses are because of not following the[…]
1.12.2023 | 10:34Welcome back to another FfF. Here are a few interesting things I found this week. I post this every year, but it’s worth it. The 2023 Advent of Code begins today. I never[…]
1.12.2023 | 3:08
My previous article resonated with many testers. I realized the list was incomplete, so I decided a follow-up was necessary. Thanks to Dawid Dylowicz for some of the links. So, here are 7[…]
A real fact-check. Beware of cunning tricks in technical writing.Continue reading on Medium »
CISA recently released the top 10 reasons for security lapses in well-established enterprises that have strong security posturing. It is interesting to see that the top lapses are because of not following the basics of security. In this article, we will take a look at how to align security testing for software quality. Here are the top 10 reasons as per CISA for lapses in the organisations: Default software and application configurations Improper user and administrative user separation Insufficient internal network monitoring Lack of network segmentation Poor patch management System access controls bypass Weak or misconfigured MFA Insufficient access control lists on shared services Poor credential management Unrestricted code execution Let us look at how to be effective in security testing for software quality Security Testing For Software Quality As you can see, all of the topics above can be thwarted by careful application of proper validation and verification by the product team, especially the security testing folks. It is surprising that even in large enterprises, these kind of vulnerabilities happen again and again, year after year. While human fatigue is shown as the cause in most of the cases, automated checks should be able to catch many of the above. It looks like for better quality, we need to raise the bar for better results. Let’s take the above top 10 list as a reminder that basic security practices are so important and should be taken care of. Security testing folks should keep this in mind. Security is an[…]
1.12.2023 | 10:34 קרא עוד...Welcome back to another FfF. Here are a few interesting things I found this week. I post this every year, but it’s worth it. The 2023 Advent of Code begins today. I never do it all, but I always do a week or two. Tons of fun and stupid programming tricks. Here’s one to save – a nice concise post on The Bluffers Guide to the Mythical Man Month Like a lot of people, I’m still wallowing in the possibilities of Generative AI. This article on how Generative AI will transform virtual meetings is promising. Many of you know that I’m a huge trivia lover. I had a chance this week to attend a few dive-bar trivia sessions put on by Seattle Bar Trivia, and had a blast. Downtown Seattle still hasn’t quite recovered to what it was before the pandemic, but I like the ideas in this Downtown Seattle Activation Plan Thanks again for reading. See ya’ in a week.
1.12.2023 | 3:08 קרא עוד...
בודק - השתתף בקורס בדיקות, קרא הסילבוס או צפה בקורסים חינמיים כגון BBST – הנחייה זו נכונה הן לבודקים מתחילים והן לבודקים מנוסים שלא עברו קורס מימיהם, ואף כאמצעי לרענון הידע מידיי כמה שנים. לצערנו בשנים…
הכירו את לקוחותיכם "הכירו את לקוחותיכם" למרות שמשפט זה נשמע דיי טריוויאלי והרי אנו כבודקים אמורים לדעת כי "אנו מייצגים את הלקוח בפני הארגון" הרי שבמרבית המקרים יש עוד הרבה מה לעשות ולשפר בנושא. האמת היא…
