As most organizations are trying to bake security into their SDLC and with the wide adoption of git-flow, security concerns are also taking shape accordingly.

While git-flow was originally designed to make branch management easier for development teams, it also offers tremendous opportunities to develop software in a secure manner.


Let’s face it! Security teams are not capable of ensuring secure development life cycles by themselves. They can only get the ball rolling, but to keep the momentum going, software development and DevOps teams also need to go the extra mile.

Thinking about the different roles involved in the task of…


We have all been involved in many training sessions in our careers. Sometimes willingly and sometimes not.

Let’s try to remember when those sessions had our full attention.

Without exception, it was when there was truly something in it for us.

Before we decide that a training session is worth…


In the modern software development life cycle, there is a variety of security tools used in different phases of development pipelines.

While SAST and SCA are more heavily used in the coding phase, as we approach the production phase, DAST, IAST, Container Security or In-App Protection tools also come into…


Cybersecurity has always been considered a technical issue. Undoubtedly it is. However, its affinity with marketing is most of the time overlooked.

Brand images are created in people’s minds and that is where they live. While marketing works to get the brand name out there or to sustain a positive…


Nowadays there is a wide variety of security layers used by organizations at different stages of the software development life cycle. Static code analysis, dynamic analysis, penetration tests, bug bounty programs, or manual findings all offer different frequencies and different coverage levels to catch vulnerabilities.

Software developers need to deal…


In the ever-changing landscape of AppSec and DevOps, we have recently started to talk about shifting center instead of shifting left. This is because there is no right or left in the circular movement of software development, which the DevOps symbol perfectly demonstrates. …


In this post, we will talk about some quick and easy software security mitigation tricks that every developer can use on a daily basis.

Those quick fixes are called “damage limitation strategies” in general. …


If the title of this post has attracted your attention and you have started to read it, you are probably aware of the fact that your security team is only as effective as your development team. Regardless of how effectively your security team is identifying vulnerabilities, getting rid of the…


With the trend of shifting left, which means performing security tests earlier in the software development life cycle, last-minute deployment issues are about to be a thing of the past. However, the variety of security tools used in the process still creates complexity when deciding on which project to…

Can Bilgin

Co-Founder & COO at
