Webappsec->General


Do You Have a Vendor Security Check List? You Should!

May 09, 2013 Added by: Michael Fornal

A security checklist is a list of security controls that a vendor or application must meet. These controls can range from how storage backup is to be done to password complexity requirements. Having a checklist can help you decide whether the application or vendor conforms to your company’s security requirements.


Three Reasons Why a One-Size-Fits-All Secure SDLC Solution Won’t Work

May 08, 2013 Added by: Rohit Sethi

Forcing a security process on development teams that doesn’t take into account the way they develop software is a recipe for disaster. A good goal to have for secure SDLC is to minimize the impact on the team’s existing software development practice.


Why Are We Failing at Software Security?

May 01, 2013 Added by: Nish Bhalla

While there are many granular reasons for software security failures at the institutional, developer or vendor level - there are five industry-wide problems that are fueling the current state of insecurity. These are complicated problems and will not be easy to solve. But until we do, software security will remain at risk.


Takeaways from the 2013 Verizon Data Breach Investigations Report for Software Development Teams

April 29, 2013 Added by: Rohit Sethi

The 2013 Verizon Data Breach Investigations Report has some important data for software development teams, particularly when considering the likelihood of certain threats to your system.


Raising the Bar on Application Security Due Diligence

April 24, 2013 Added by: Rohit Sethi

Many automated scanning solutions are outstanding in their cost effectiveness and ability to find certain classes of vulnerabilities. For example, a properly-configured static analysis solution may help you find every instance of potential SQL injection in your software.


Google: Black Hat or White Hat?

April 23, 2013 Added by: Larry Karisny

Google has a perfect opportunity to be a leader in cybersecurity. Google’s recent network -- and acquisitions and hires -- in Austin, Texas, is an opportunity to do security right the first time.


Protect Data Not Devices?

April 05, 2013 Added by: Simon Moffatt

As devices become smarter, greater emphasis is placed on the data and services those devices access. Smartphones today come with a healthy array of encryption features, remote backup, remote data syncing for things like contacts, pictures and music, as well as device syncing software like Dropbox. How much data is actually specifically related to the device?


Debunking Myths: Penetration Testing is a Waste of Time

April 04, 2013 Added by: Rohit Sethi

Before you perform your next security verification activity, make sure you have software security requirements to measure against and that you define which requirements are in-scope for the verification.


Hardening Is Hard If You're Doing It Right

March 20, 2013 Added by: Ian Tibble

The early days of deciding what to do with the risk will be slow and difficult and there might even be some feisty exchanges, but eventually, addressing the risk becomes a mature, documented process that almost melts into the background hum of the machinery of a business.


Why You Shouldn’t Use the OWASP Top 10 as a List of Software Security Requirements

February 21, 2013 Added by: Rohit Sethi

On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.


Why the Latest Rails Exploit Is Indicative of a Bigger Problem

February 15, 2013 Added by: Rohit Sethi

The latest Rails security flaw is an example of a common anti-pattern. The issue in each case is an abuse of extensibility. At first glance the idea is clever: allow for run-time execution of new code or binding of server-side variables without changing your compiled code, thereby greatly enhancing extensibility.


Power to the People and the Coming AppSec Revolution

January 24, 2013 Added by: Fergal Glynn

It used to be that you could call for more secure software from individual vendors – and Microsoft heeded that call with its push for trustworthy computing in 2002 – but today we’re more dependent on software and more interconnected than ever. We rise and fall by the security of our associates...


California AG Releases Mobile App Guidelines; Industry Responds

January 24, 2013 Added by: David Navetta

The guidelines separately address app developers, app platform providers, mobile ad networks, operating system providers, and mobile carriers. A coalition of advertising and marketing industry groups recently responded, criticizing the guidelines...


Automation, Dog Food and a Security State of Mind

January 20, 2013 Added by: Fergal Glynn

As a developer, I don’t focus on security. I usually get the security correct, but my main goal is making all the parts work together well. And that’s true of most developers most of the time...


Mobile App Security Series: It’s 10pm. Do you know where your data is?

January 16, 2013 Added by: Brandon Knight

Mobile devices continue to pick up steam on becoming the primary device that many people use for email, web browsing, social media and even shopping. As we continue installing app after app, which we then put our personal information into, the question is: how secure are these apps?


Who is Responsible for Application Security? Development or Security?

January 10, 2013 Added by: Matt Neely

During a recent visit to a client site, I took part in a discussion where the Development Department and the Security Department were arguing over which group was responsible for the security of web applications. Security felt it was the responsibility of the developers, and the developers felt it was the responsibility of security. I commonly see this debate taking place inside organizations, s...
