A simple Secure-SDLC blog!


Threat Modeling AI Driven products: What Developers Must Add to Their Toolkit
“If we don’t understand how something can break, we’ll never build it securely.”— AppSec maxim, more relevant than ever in the era of AI...
Gaurab Bhattacharjee
Feb 16
9 views
0 comments


Why the Core Tenets of Secure SDLC Still Apply to AI-Driven Software
AI introduces new risks, but the core tenets of Secure SDLC—secure design, threat modeling, secure coding, and continuous testing—are more essential than ever. At AppSec360, we emphasize that integrating security throughout the AI development lifecycle is critical to mitigating threats like data poisoning and adversarial attacks. Secure SDLC isn’t outdated—it’s the foundation for building safe, resilient AI-driven software.
Gaurab Bhattacharjee
Feb 10
6 views
0 comments


Security in Software Development's Feedback Loop: Bridging the DevOps-Architect/Product Manager Divide in Security
Building security into every software development lifecycle (SDLC) phase is a marathon, not a sprint. DevOps teams tirelessly test and...

Gaurab Bhattacharjee
Jan 25, 2024
15 views
0 comments


Navigating the Evolving Landscape of Software Security: Insights from the BSIMM14 Report
The world of software security is continuously evolving, and the BSIMM14 report serves as a crucial compass for navigating this complex...

Gaurab Bhattacharjee
Jan 23, 2024
83 views
0 comments


Product Security Delivery Framework for AI-first world
As we continue our series on ramping up Product Security teams for an AI-first world, it's essential to delve deeper into the mechanisms...

Gaurab Bhattacharjee
Jan 16, 2024
18 views
0 comments


Ramp up product security teams for an AI-first world.
Continuous assessment of AI systems from a cybersecurity perspective is crucial to ensure that any organizational AI implementations are...

Gaurab Bhattacharjee
Jan 7, 2024
38 views
0 comments


Mapping Between CIA and STRIDE in Cybersecurity
Introduction In the realm of cybersecurity, understanding the relationship between different frameworks and models is crucial for...

Gaurab Bhattacharjee
Dec 13, 2023
614 views
0 comments


Mastering Application Security Assessments with Proven Delivery Frameworks
Application Security Assessments are crucial for identifying and mitigating security risks in software applications. The delivery...

Gaurab Bhattacharjee
Oct 23, 2023
7 views
0 comments


SEC Implements New Rules Requiring Disclosure of Material Cybersecurity Incidents and Risk Managemen
In a significant move to enhance transparency and accountability in the business world, the Securities and Exchange Commission (SEC) has...

Gaurab Bhattacharjee
Jul 31, 2023
4 views
0 comments


ASPM - What's in it for the Developers?
Application Security Posture Management (ASPM) offers several benefits for developers in ensuring the security of their applications....
Gaurab Bhattacharjee
Jul 2, 2023
4 views
0 comments


Application Security Posture Management (ASPM) - What is this about?
Application Security Posture Management (ASPM) refers to managing and maintaining applications' security posture within an organization....
Gaurab Bhattacharjee
Jun 14, 2023
3 views
0 comments


Building Strong Foundations: The Key Role of Input Validation in Secure Application Design
In today's digital landscape, where software applications have become an integral part of our daily lives, ensuring the security of these...

Gaurab Bhattacharjee
May 9, 2023
32 views
0 comments


Building Strong Foundations: The Key Role of Authentication in Secure Application Design
One must emphasize the importance of robust security measures in today's interconnected world, where the digital landscape is constantly...
Gaurab Bhattacharjee
Apr 4, 2023
27 views
0 comments


Pattern: Input Validation - NodeJS
What is a Pattern? A pattern for software development is a reusable solution to a common software design problem. It is a general...
Gaurab Bhattacharjee
Mar 22, 2023
1 view
0 comments


Pattern: Input Validation - TypeScript
What is a Pattern? A pattern for software development is a reusable solution to a common software design problem. It is a general...

Gaurab Bhattacharjee
Mar 16, 2023
67 views
0 comments


Core Tenets of Secure SDLC
In today's digital world, secure software development is not just an option—it's a necessity. With cyber threats constantly evolving,...
Gaurab Bhattacharjee
Feb 24, 2023
0 views
0 comments


Pillars for building HIPAA-compliant software #TWO
As healthcare technology advances, ensuring that sensitive patient health information is properly protected is becoming increasingly...

Gaurab Bhattacharjee
Feb 17, 2023
6 views
0 comments


OWASP Top 10 vulnerabilities & STRIDE
The STRIDE threat model is a framework that helps identify and categorize security threats. STRIDE stands for Spoofing, Tampering,...

Gaurab Bhattacharjee
Feb 9, 2023
244 views
0 comments


Building HIPAA-compliant software - #ONE
Software development organizations that deal with Protected Health Information (PHI) and/or Electronic Protected Health Information...
Gaurab Bhattacharjee
Feb 9, 2023
1 view
0 comments


OWASP Top 10 2021: The Most Critical Web Application Security Risks
The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to improving software security. OWASP releases a...

Gaurab Bhattacharjee
Feb 8, 2023
32 views
0 comments