Blog Posts Tagged with "Development"


Building an AppSec Training Program for Development Teams

March 07, 2012 Added by: Fergal Glynn

A holistic application security approach that includes integrating developer training with static analysis and advanced remediation techniques will help reduce overall risk across your enterprise application portfolio and will strengthen your security program...


Apple’s PC Free Feature: Insecure, But Maybe That’s Good

March 02, 2012 Added by: Brent Huston

During the WWDC keynote, Brent Huston spent considerable time discussing the lack of built-in security for the iOS. Each unique identifier on numerous devices would allow possibly unwanted users to see information they shouldn’t see. In some cases, not such a bad idea...


Why Less Emphasis On Software Security?

February 23, 2012 Added by: Keith Mendoza

The only real fix for this is a mindset shift. At the minimum, software developers need to code defensively regardless of the scope of the project, because this needs to become a habit. Coding standards should include requirements that all compiler warnings should be resolved...


A Security Resolution for Developers

February 22, 2012 Added by: Bill Gerneglia

You can’t understand how applications will be attacked if you don’t know how they work. Applications ultimately transmit data and operate on hardware in a network. Developers need to understand protocols, dependencies, communications, encryption, and more...


A Better Path for Applications: Respecting Users

February 20, 2012 Added by: Electronic Frontier Foundation

Even with industry standard security practices in place, data is still vulnerable to a breach or a subpoena. Companies collecting personal data have an obligation to keep as little personally identifiable data as necessary to provide their services...


Some "LightReading" about Mobile Application Security

February 10, 2012 Added by: Security Ninja

Developers, project managers and executive officers need to be able to evaluate the risk that they are exposing their customers and their businesses to. They need to know how to measure the security posture of their apps and to make decisions on what changes to make...


pcAnywhere Source from 2006 Still Alive and Kicking

January 26, 2012 Added by: Keith Mendoza

Even if a complete software rewrite is done, it's not really a complete rewrite. Someone in the development team--usually the person who was working on the last version before the so-called rewrite--will copy parts of code from the old source code...


Windows Phone Application Analyzer v1.0 Released

January 20, 2012 Added by: Security Ninja

I developed and would like to introduce the Windows Phone App Analyzer. The Windows Phone App Analyzer is similar to the static analysis tab in Agnitio. If you browse to any C# .cs files and click scan you will see the keyword highlighting that you might be familiar with from Agnitio...


Security and the Theory of Constraints

January 16, 2012 Added by: Danny Lieberman

Security management is tricky. It’s not only about technical controls and good software development practice. It’s also about management responsibility. If you remember the Theory of Constraints, there is only one thing that limits a system's (or company's) performance...


Top Ten Mistakes Made By Linux Developers

December 11, 2011 Added by: Danny Lieberman

My colleague, Dr. Joel Isaacson talks about the top ten mistakes made by Linux developers. It’s a great article and great read from one of the top embedded Linux programmers in the world...


Top Ten HTML5 Attack Vectors

December 09, 2011 Added by: Headlines

"HTML 5 applications use DOM extensively and dynamically change content via XHR calls. DOM manipulation is done by several different DOM-based calls and poor implementation allows DOM-based injections. These injections can lead to a set of possible attacks and exploits..."


Mobile App Makers Must Protect Children’s Privacy

December 05, 2011 Added by: Kelly Colgan

Mobile applications do much more than entertain, inform, or otherwise make life more convenient. Depending on the app, companies can access private information as varied as phone and email contacts, call logs, calendar data, and data about the device, and therefore our location...


Challenges for Software Security Professionals

December 02, 2011 Added by: Rafal Los

So what catches your attention? What conclusions can you draw here that may be insight into how we can improve the state of software security in the enterprise? My eye gets caught on "politics" and TOOLS in big bold letters... then UPHILL and APATHY. Dang, we're a cynical bunch aren't we...


NIST Improves Tool for Hardening Software Security

November 29, 2011 Added by: Headlines

"The SRD is for companies that build static analyzers... It will help their products catch the most common errors in the software they are supposed to check. It brings rigor into software assurance, so that the public can be more confident that there are fewer dangerous weaknesses..."


Free From Defect Software License

November 22, 2011 Added by: Keith Mendoza

This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put to produce software that is free of defect from workmanship? How will you go about making sure?


Wanted: Software Security Specialists... Are There Any?

November 22, 2011 Added by: Rafal Los

You don't just go to college, get a degree in 'software security' and walk into a job being great at it - mostly because that degree doesn't exist, but also because the days of being able to walk into a job like this are probably long behind us...
