Papers and articles about security and web applications

Cooperation between BSI and mgm: Increasing the security of open source software

As part of the "Code Analysis of Open Source Software" (CAOS) project of the German Federal Office for Information Security (BSI), the program code of common open source projects was examined for vulnerabilities. Security experts from mgm supported the BSI in this. The subjects of the investigations were two video conferencing systems and two eID templates; the vulnerability analysis is intended to help increase the security of open source software. The results of the CAOS project were published in summer 2023.

OWASP Low-Code Top 10 – What the Security Recommendations Mean for A12 Applications

While low-code approaches are becoming increasingly popular, security aspects are also drawing more attention. The OWASP Low Code/No-Code Top 10 was recently published as a list of the most common security risks that organizations should be aware of when developing and deploying low-code applications. We summarize to what extent the points affect A12 applications.
Lilia G. from the mgm Quality Team

Mastering Enterprise Software Quality Assurance: Maximum Quality with Minimum Effort (1/4)

In a streamlined software development process, quality assurance becomes vulnerable when challenges and risks increase. These put a strain on time and resources and reduce quality. Addressing these aspects is essential, especially in terms of product quality, time and resources.

How Architectural Decisions Impact Threat Modeling and Enterprise IT Security

In threat modeling, various methods can be used to obtain an overall picture of an application's vulnerabilities and the various mitigation measures. Almost all available methods are based on the fact that a digital system is first designed by its architecture. This usually includes all known components within an application or IT system, how they are interconnected, and where trust boundaries lie. Early decisions about the architecture can therefore have a major impact.

Understanding How to Mitigate Security Threats and Risks with Threat Modeling

In the field of web application and mobile app security, threat modeling is a method that can be considered primarily as a means of performing deliberate risk management. There are many ways to identify and assess threats. Although the techniques differ, the basic principle is always to use them to identify the risks to an application or IT system and, more importantly, to agree on what those risks are.

mgm at the Software Quality Days 2023

mgm will be present at the Software Quality Days from May 23 to 25, 2023 with strong participation in presentations in the disciplines "DevSecOps" and "Quality Assurance Accompanying Development" as well as an information booth.

That’s the thing: ISO 27001 certification for mgm

After around a year of preparation, planning and implementation, mgm technology partners is now an ISO/IEC-27001-certified company. For this, the key information security risks were identified, protective measures were defined and monitoring processes were drawn up.

JavaSPEKTRUM: Article on the holistic approach to security

News about successful attacks on applications and companies is no longer a rarity these days.
The website of the ii magazine is online.

Website of the ii-magazine online: Become part of the ii-Community

The ii-magazine offers well-founded and practical insights into digital transformation - now also on its own website. Join the community: we welcome guest authors!

You shall not pass

A user name and a password are not enough. An increasing number of Internet services are opting for multifactor authentication as being more secure....