On the topic of #attackawareapps (see previous RT), I found this by Lockheed Martin on “Defendable Architectures” super interesting: lockheedmartin.com/content/d… Similar to what we tried to get at in our work, I love the point about modularity (see Fig 9 and 10).

Thanks John! Awesome chatting just now too re how orgs can get started with this and then keep that momentum going... would leave to see more chat about #attackawareapps going on here on Twitter.

So, a couple of flavours to choose from there. If you're not sure *why* you should care about #attackawareapps, or what currently exists for it, check out f-secure.com/en/consulting/o…. If you want a technical example, we've got a case study on @FSecureLabs: labs.f-secure.com/blog/appli….

Something I've been working on for a little while now. Huge fan of #attackawareapps & all the exciting #AppSec work that's come before w/ @appsensor etc. But noticed a lot of orgs still not got even app-level detection down - let alone response. Hopefully, a different approach.