Xebia Articles

Dave van Stein

Dave van Stein has been a security consultant at Xebia since October 2015. He has more than 15 years of experience in software and acceptance testing and started specializing in web application security in the beginning of 2008.

Recent Posts

The Future of InfoSec

Posted by Dave van Stein on Jan 30, 2020 2:23:00 PM


Topics: Agile Software Security

It Takes Two to Do the Agile Tango: Invite Security to the Dancefloor

Posted by Dave van Stein on Oct 4, 2019 11:13:21 AM

In Agile transformations, it's common to start small with a couple of pilot development teams to gain some experience before implementing larger organizational changes. While sensible on the surface, it’s a recipe for disaster because it threatens the entire transformation, as well as the organization’s security.

Topics: Agile Transformations, Agile Software Security

Security Is Dead, Long Live Security

Posted by Dave van Stein on Mar 8, 2017 1:30:00 PM

Some time ago I attended BruCON. For those unfamiliar with it, BruCON is a security conference where everybody with an interest in security can share their views and findings. As always, it was a great mixture of technology, philosophy, personal opinions and hands-on workshops.

This time, however, I noticed a certain pattern in some of the talks. Chris Nickerson gave a presentation about "how to make a pentester's life hell" based on experience, Shyma Rose shared her views on risk management, Mark Hillick showed us how the security was improved at Riot Games and David Kennedy provided his opinion on the state of the information security industry nowadays. All four of them basically told pieces of the same tale from a different perspective and I will try to provide my viewpoint on the matter in this blog.

Topics: Agile Software Security

Being an Agile Security Officer

Posted by Dave van Stein on Mar 6, 2017 2:58:34 PM

Whenever I give a presentation, training, or just talk to security teams, it becomes clear that over the years a gap has been created between application security and development. A gap we created consciously and with intent and that became painfully visible with the introduction of Agile and DevOps. Suddenly exhaustive information security policies with checklists and penetration tests became serious impediments. The challenge we are facing now is how to bridge this gap again.

Topics: Agile Software Security