Reddit reviews Secure By Design

We found 1 Reddit comment about Secure By Design. Here are the top ones, ranked by their Reddit score.

1 Reddit comment about Secure By Design:

u/get-postanote · 3 points · r/PowerShell

It's always a good thing to see different perspectives on a given topic or strategy.

However, how do you see your offering as being different, more informative, etc., than the courseware the SANS.org offers on the topic...

https://www.sans.org/webcasts/purple-powershell-current-attack-strategies-defenses-109700

... or the Secure Code strategies that have been in play via the MS SDL (Secure Development Lifecycle) for the last couple of decades?

>About Microsoft SDL
>
>https://www.microsoft.com/en-us/securityengineering/sdl/about
>
>Microsoft Security Development Lifecycle (SDL)
>
>https://www.microsoft.com/en-us/securityengineering/sdl
>
>SDL Resource List
>
>https://www.microsoft.com/en-us/securityengineering/sdl/resources
>
>Writing Secure Code (Developer Best Practices) 2nd Edition, Kindle Edition
>
>https://www.amazon.com/Writing-Secure-Code-Developer-Practices-ebook/dp/B00JDMP718/ref=sr_1_2?keywords=secure+code&qid=1555311132&s=gateway&sr=8-2
>
>Secure By Design 1st Edition
>
>https://www.amazon.com/Secure-Design-Daniel-Deogun/dp/1617294357/ref=sr_1_1?keywords=secure+code&qid=1555311132&s=gateway&sr=8-1
>
>SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25
>
>https://www.amazon.com/SCFM-Secure-Coding-Manual-Programmers/dp/1508929572/ref=sr_1_4?keywords=secure+code&qid=1555311132&s=gateway&sr=8-4

Though there are particulars to a given language, and none of the above are PowerShell specific, the SDL thought, design and implementation relative to a given goal is the same.

Now, the real issue here is all the noise about PowerShell hacking and org leaders using that as the excuse to not allow PowerShell, without fully realizing that the use of PowerShell is a post-exploit thing. The hacker got into your system another way, that was not properly defined, managed, protected, understood and/or reacted to.

Also, there are whole websites and business offerings covering Defensive PowerShell, and PowerShell for Red/Blue/Purple Teams.

Example:

https://devblogs.microsoft.com/powershell/defending-against-powershell-attacks/

http://www.defensivepowershell.com/

https://artofpwn.com/offensive-and-defensive-powershell-ii.html

https://adsecurity.org/?tag=powershell-defenses

https://devblogs.microsoft.com/powershell/powershell-security-at-derbycon/

https://nsfocusglobal.com/Attack-and-Defense-Around-PowerShell-Event-Logging

Learning how to attack with and defend against, grants one greater edification on how they need to be thinking about writing and using PowerShell.

But good article. Looking forward to the rest.