Codific
  • Solutions
    • AppSec Management with SAMMY
    • GRC Management with SAMMY
    • Ed-Tech and HR-Tech
      • Secure Video Sharing with Videolab
      • Student Attendance Tracking with Attendance Radar
      • Survey Analysis Automation with SARA
  • Services
    • OWASP SAMM Assessments
    • OWASP SAMM Training
    • OWASP SAMM Guidance
  • Company
    • Our Story
    • Who We Are
    • Codific @ OWASP Global AppSec Barcelona 2025
    • Codific @ OWASP
    • Careers
  • Partners
    • Implementation Partners Program
    • Recommended Vendors Program
      • Our Recommended Vendors
    • Academic Application Security Program
  • Customers
  • Insights
  • Contact
  • Go to SAMMY

Application security insights and other exciting stories - Codific

Home Application security insights and other exciting stories
Conceptual illustration of the SSDLC

11

Jun

What Is the SSDLC? A Guide to Secure Development

  • Nicolas Montauban

Most security issues in software stem from one simple problem: teams try to fix them […]

Read Article
dependency governance in SOOS

03

Jun

Master Dependency Management with SOOS and SAMM

  • Aram Hovsepyan
  • Application Security, Application Security Management, SAMM, SSDLC

Dependency management has become one of the most critical aspects of modern software development. Third-party[…]

Read Article
vulnerability management dashboard

26

May

Security metrics with purpose and strategic impact

  • Aram Hovsepyan
  • Application Security, Cybersecurity, Security metrics

You’ve probably heard the saying, ā€œYou can’t manage what you don’t measure.ā€ If you are[…]

Read Article
CRA readiness analysis.

24

Apr

What to expect from EU CRA fines?

  • Dag Flachet
What is CRA? The Cyber Resilience Act (CRA) is an EU‐wide regulation, formally Regulation (EU) 2024/2847 Ā that sets mandatory[...]
Read Article
how to do threat modeling steps

10

Apr

Master Threat Modeling with Toreon’s World-Class Approach

  • Aram Hovsepyan
  • Application Security, Application Security Management, architecture mitigation, Cybersecurity, threat modeling

Threat modeling shaped my AppSec career. It helped me wrestle with one of security’s most[…]

Read Article
Business functions of SAMM graphic

04

Apr

OWASP SAMM: A Comprehensive Introduction

  • Nicolas Montauban
  • Application Security, Application Security Management, Cybersecurity, OWASP SAMM, Security Maturity

Modern software development moves fast, and so do the security challenges that come with it.[…]

Read Article
Steps to implement OWASP SAMM graphic

04

Apr

How to implement OWASP SAMM: Tooling, Example and Mistakes to Avoid

  • Nicolas Montauban
  • Application Security, OWASP SAMM, Secure Software Development, Software security, Team Management

Understanding OWASP SAMM is only the beginning. The real value comes from using it to[…]

Read Article

24

Mar

4YFN 2025: Cybersecurity Trends

  • Mahe Pereira

As I reflect on my experience at the 4YFN conference in Barcelona, one thing stands[…]

Read Article
Application risk shown by a safe vault with cracks

25

Feb

Master OWASP SAMM Application Risk Profiles with Heeler

  • Aram Hovsepyan
  • Application Security, SAMM, Secure Software Development
Introduction: Application Risk Profile with Heeler A clear understanding of risk is the foundation of[...]
Read Article
Image of a hacker

24

Feb

A Guide on How to Not Get Hacked

  • Nicolas Montauban
  • Cybersecurity, hacking, Information Security, Security

Have you every been hacked? It sucks right? But don’t worry—now, let’s make sure it[…]

Read Article
False Claims Act

12

Feb

What Is the False Claims Act? A Comprehensive Guide to Understanding its Purpose and Impact

  • Michaella Masters

Fraud against government programs costs taxpayers billions of dollars every year, threatening the integrity of[…]

Read Article
Visual representation of an application security architecture with snow on top

12

Feb

Master OWASP SAMM Architecture Validation with IcePanel

  • Aram Hovsepyan
  • Application Security, SAMM, Secure Software Development
Introduction: Architecture Validation with IcePanel Architecture validation is the process of reviewing your architecture to[...]
Read Article
Next

Building a simple and safe digital future

  • Visit Codific's LinkedIn channel (opens in a new tab)
  • Visit Codific's YouTube channel (opens in a new tab)

Main Focus

Application Security Compliance Cybersecurity NIST SSDF OWASP Privacy by Design SAMM Secure Software Development Security Security Software Engineer Software security SSDLC

Recent Post

  • Conceptual illustration of the SSDLC

    June 11, 2025

    What Is the SSDLC? A Guide to Secure Development

    June 11, 2025

  • dependency governance in SOOS

    June 03, 2025

    Master Dependency Management with SOOS and SAMM

    June 03, 2025

  • vulnerability management dashboard

    May 26, 2025

    Security metrics with purpose and strategic impact

    May 26, 2025

In the Spotlight

  • SAMMY
  • Secure Video Sharing with Videolab
  • Attendance Radar
  • SARA
  • Terms & Conditions
  • Imprint
  • Cookie Policy
  • Privacy Statement

Codific Ā® 2025. All rights reserved.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}