A simple Secure-SDLC blog!


Threat Modeling AI Driven products: What Developers Must Add to Their Toolkit
“If we don’t understand how something can break, we’ll never build it securely.” — AppSec maxim, more relevant than ever in the era of AI...
Gaurab Bhattacharjee
Feb 16


Why the Core Tenets of Secure SDLC Still Apply to AI-Driven Software
AI introduces new risks, but the core tenets of Secure SDLC—secure design, threat modeling, secure coding, and continuous testing—are more essential than ever. At AppSec360, we emphasize that integrating security throughout the AI development lifecycle is critical to mitigating threats like data poisoning and adversarial attacks. Secure SDLC isn’t outdated—it’s the foundation for building safe, resilient AI-driven software.
Gaurab Bhattacharjee
Feb 10


Security in Software Development's Feedback Loop: Bridging the DevOps-Architect/Product Manager Divide in Security
Building security into every software development lifecycle (SDLC) phase is a marathon, not a sprint. DevOps teams tirelessly test and...

Gaurab Bhattacharjee
Jan 25, 2024


Navigating the Evolving Landscape of Software Security: Insights from the BSIMM14 Report
The world of software security is continuously evolving, and the BSIMM14 report serves as a crucial compass for navigating this complex...

Gaurab Bhattacharjee
Jan 23, 2024


Product Security Delivery Framework for AI-first world
As we continue our series on ramping up Product Security teams for an AI-first world, it's essential to delve deeper into the mechanisms...

Gaurab Bhattacharjee
Jan 16, 2024


Ramp up product security teams for an AI-first world.
Continuous assessment of AI systems from a cybersecurity perspective is crucial to ensure that any organizational AI implementations are...

Gaurab Bhattacharjee
Jan 7, 2024


Mastering Application Security Assessments with Proven Delivery Frameworks
Application Security Assessments are crucial for identifying and mitigating security risks in software applications. The delivery...

Gaurab Bhattacharjee
Oct 23, 2023


Building Strong Foundations: The Key Role of Input Validation in Secure Application Design
In today's digital landscape, where software applications have become an integral part of our daily lives, ensuring the security of these...

Gaurab Bhattacharjee
May 9, 2023


Building Strong Foundations: The Key Role of Authentication in Secure Application Design
One must emphasize the importance of robust security measures in today's interconnected world, where the digital landscape is constantly...
Gaurab Bhattacharjee
Apr 4, 2023


OWASP Top 10 vulnerabilities & STRIDE
The STRIDE threat model is a framework that helps identify and categorize security threats. STRIDE stands for Spoofing, Tampering,...

Gaurab Bhattacharjee
Feb 9, 2023


OWASP Top 10 2021: The Most Critical Web Application Security Risks
The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to improving software security. OWASP releases a...

Gaurab Bhattacharjee
Feb 8, 2023


Secure Design Analysis: Empowering Humans for Optimal Results
Designing secure systems is a complex and still largely manual process. While automation helps streamline some aspects, making the entire...

Gaurab Bhattacharjee
Feb 6, 2023


Shift-Left starts at Build, & that's a problem.
While Shift-Left is a big buzz in secure software development that aims to move security considerations earlier in the development...

Gaurab Bhattacharjee
Feb 4, 2023