Here’s a pretty cool idea. Have a different expert write about a key cybersecurity term every week for a year. Oh, that’s already being done?

Well, yes. The website TheLanguageOfCybersecurity.com is revealing one new topic every week. A guest expert explains an important cybersecurity term that every business professional should know and understand. By the end there will be 52 essays from 52 experts. This also comes as a book—links are on the website. I’m not selling anything, just sharing.

I’m excited about this because the term of the week beginning Tuesday, May 21, 2019 is by Fortify’s own Lucas von Stockhausen for this powerhouse term: Static Application Security Testing.

Since I have a bias towards application security, it is pretty cool to see the most important term given to Fortify. After all, we are a long-time leader in the space. Yes… I have to mention that Micro Focus Fortify was named a Leader in 2019 Gartner MQ for Application Security Testing last month. This marks the 6th time that Micro Focus has been named a Leader in the 6 years Gartner has being doing a Magic Quadrant for Application Security Testing. Yay!

Lucas is also one of our in-house experts. He has deep knowledge of static, dynamic, and interactive application security testing as well as runtime application self-protection (RASP) technologies. Importantly, he has great perspective on how companies implement these solutions, including processes such as the Building Security In Maturity Model (BSIMM) and the OWASP Software Assurance Maturity Model (SAMM).

Here’s the full list of topics being covered (and when they are posted)…note that the final topics will continue to be posted weekly through August:

Vulnerabilities

• Social Engineering -- 2018-07-31
• Security Fatigue -- 2018-08-07
• Shadow Security -- 2018-08-14
• Data Leak -- 2018-08-21
• Insider Threat -- 2018-08-28
• Zero-day Vulnerability -- 2018-09-04
• Dark Web -- 2018-09-11

Exploits

• Phishing -- 2018-09-18
• Ransomware -- 2018-09-25
• Botnet -- 2018-10-02
• Advanced Persistent Threat -- 2018-10-09
• Buffer Overflow Attack -- 2018-10-16

Defenses

• Authentication -- 2018-10-23
• Endpoint Security -- 2018-10-30
• Multi-factor Authentication -- 2018-11-06
• Identity Management -- 2018-11-13
• Physical Access Control -- 2018-11-20
• Biometrics -- 2018-11-27
• Security Awareness -- 2018-12-04
• Situational Awareness -- 2018-12-11
• Behavioral Monitoring -- 2018-12-18
• Non-repudiation -- 2019-01-08
• Privilege -- 2019-01-15
• Firewall -- 2019-01-22
• Encryption -- 2019-01-29
• Sandboxing -- 2019-02-05
• Hardening -- 2019-02-12

Planning, Management, and Controls

• Governance, Risk Management, Compliance (GRC) -- 2019-02-19
• Application Risk Governance -- 2019-02-26
• Vulnerability Assessment -- 2019-03-05
• Business Impact Assessment (BIA) -- 2019-03-12
• Business Continuity Plan -- 2019-03-19
• Incident Response Plan -- 2019-03-26
• CISO -- 2019-04-09
• Risk Register -- 2019-04-16
• Metrics -- 2019-04-30
• Audit -- 2019-05-07
• Threat Modeling -- 2019-05-14
• Static Application Security Testing -- 2019-05-21
• Penetration Testing -- 2019-05-28

Compliance

• Confidentiality -- 2019-06-04
• Integrity -- 2019-06-11
• Availability -- 2019-06-18
• Separation of Duties -- 2019-06-25
• Policy -- 2019-07-02
• Standards -- 2019-07-09
• Regulation -- 2019-07-16
• Privacy -- 2019-07-23
• Controls -- 2019-07-30
• Payment Card Industry Data Security Standard (PCI DSS) -- 2019-08-06
• General Data Protection Regulation (GDPR) -- 2019-08-13
• Kill Chain -- 2019-08-20

Bonus:

Lucas also recently did two short demos on our Fortify Unplugged YouTube channel. Check them out—and leave a friendly comment and please “Smash the like button!”

• Cross-Site Scripting (XSS) Web Attack (Demo for AppSec)
• SQL Injection Web Attack (Live Demo for AppSec)

About Micro Focus Fortify:
Micro Focus Fortify offers the most comprehensive static and dynamic application security testing technologies, along with runtime application monitoring and protection, backed by industry-leading security research. Solutions can be deployed in-house or as a managed service to build a scalable, nimble Software Security Assurance program that meets the evolving needs of today’s IT organization.