Webappsec->General

B3686baa29e6fe1c9c2e3feb0f9ebf99

Why Are We Failing at Software Security?

May 01, 2013 Added by:Nish Bhalla

While there are many granular reasons for software security failures at the institutional, developer or vendor level - there are five industry-wide problems that are fueling the current state of insecurity. These are complicated problems and will not be easy to solve. But until we do, software security will remain at risk.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Takeaways from the 2013 Verizon Data Breach Investigations Report for Software Development Teams

April 29, 2013 Added by:Rohit Sethi

The 2013 Verizon Data Breach Investigations Report has some important data for software development teams, particularly when considering the likelihood of certain threats to your system.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Raising the Bar on Application Security Due Diligence

April 24, 2013 Added by:Rohit Sethi

Many automated scanning solutions are outstanding in their cost effectiveness and ability to find certain classes of vulnerabilities. For example, a properly-configured static analysis solution may help you find every instance of potential SQL injection in your software.

Comments  (0)

8a958994958cdf24f0dc051edfe29462

Google: Black Hat or White Hat?

April 23, 2013 Added by:Larry Karisny

Google has a perfect opportunity to be a leader in cybersecurity. Google’s recent network -- and acquisitions and hires -- in Austin, Texas, is an opportunity to do security right the first time.

Comments  (1)

65c1700fde3e9a94cc060a7e3777287c

Protect Data Not Devices?

April 05, 2013 Added by:Simon Moffatt

As the devices becomes smarter, greater emphasis is placed on the data and services those devices access. Smartphones today come with a healthy array of encryption features, remote backup, remote data syncing for things like contacts, pictures and music, as well device syncing software like Dropbox. How much data is actually specifically related to the device?

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Debunking Myths: Penetration Testing is a Waste of Time

April 04, 2013 Added by:Rohit Sethi

Before you perform your next security verification activity, make sure you have software security requirements to measure against and that you define which requirements are in-scope for the verification.

Comments  (0)

1de705dde1cf97450678321cd77853d9

Hardening Is Hard If You're Doing It Right

March 20, 2013 Added by:Ian Tibble

The early days of deciding what to do with the risk will be slow and difficult and there might even be some feisty exchanges, but eventually, addressing the risk becomes a mature, documented process that almost melts into the background hum of the machinery of a business.

Comments  (1)

219bfe49c4e7e1a3760f307bfecb9954

Why You Shouldn’t Use the OWASP Top 10 as a List of Software Security Requirements

February 21, 2013 Added by:Rohit Sethi

On February 15, the Open Web Application Security Project (OWASP) came out with its 2013 list of candidates for the Top 10 web application security flaws. The challenge is that while the Top 10 details security flaws, these flaws don’t map cleanly to requirements.

Comments  (1)

219bfe49c4e7e1a3760f307bfecb9954

Why the Latest Rails Exploit Is Indicative of a Bigger Problem

February 15, 2013 Added by:Rohit Sethi

The latest Rails security flaw is example of a common anti-pattern. The issue in each case is an abuse of extensibility. At first glance the idea is clever: allow for run-time execution of new code or binding of server-side variables without changing your compiled code, thereby greatly enhancing extensibility.

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Power to the People and the Coming AppSec Revolution

January 24, 2013 Added by:Fergal Glynn

It used to be that you could call for more secure software from individual vendors – and Microsoft heeded that call with its push for trustworthy computing in 2002 – but today we’re more dependent on software and more interconnected than ever. We rise and fall by the security of our associates...

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

California AG Releases Mobile App Guidelines; Industry Responds

January 24, 2013 Added by:David Navetta

The guidelines separately address app developers, app platform providers, mobile ad networks, operating system providers, and mobile carriers. A coalition of advertising and marketing industry groups recently responded, criticizing the guidelines...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Automation, Dog Food and a Security State of Mind

January 20, 2013 Added by:Fergal Glynn

As a developer, I don’t focus on is security. I usually get the security correct, but my main goal is making all the parts work together well. And that’s true of most developers most of the time...

Comments  (0)

4eb356e09746aadc2f4800877e8c24e8

Mobile App Security Series: It’s 10pm. Do you know where your data is?

January 16, 2013 Added by:Brandon Knight

Mobile devices continue to pick up steam on becoming the primary device that many people use for email, web browsing, social media and even shopping. As we continue installing app after app which we then put our personal information in to the question is how secure are these apps?

Comments  (0)

369dec31d888693bba6b6e0f39c14ce3

Who is Responsible for Application Security? Development or Security?

January 10, 2013 Added by:Matt Neely

During a recent visit to a client site, I took part in a discussion where the Development Department and the Security Department were arguing over which group was responsible for the security of web applications. Security felt it was the responsibility of the developers, and the developers felt it was the responsibility of security. I commonly see this debate taking place inside organizations, s...

Comments  (1)

A1f4c2dd4be7f118911ec4e0df35aab1

Here’s How The Amazing Twitter Infosec Team Helps DevOps

December 25, 2012 Added by:Gene Kim

Want to see how infosec integrates into a DevOps work stream? Watch this fantastic talk by Justin Collins, Neil Matatall, and Alex Smolen from Twitter, called “Put Your Robots To Work: Security Automation at Twitter..."

Comments  (0)

Bd07d58f0d31d48d3764821d109bf165

The Four Horsemen of the Cyber-Apocalypse: Security Software FUD

December 15, 2012 Added by:Tripwire Inc

Did the title of this post get your attention? We are doomed! The sky is falling! All of your computers are infected! We are just one security breach away from complete human extinction! The security software industry is guilty of overhyping cyber threats to sell their products, second only to Hollywood...

Comments  (1)

Page « < 1 - 2 - 3 - 4 - 5 > »