Blog Posts Tagged with "Development"
March 07, 2012 Added by:Fergal Glynn
A holistic application security approach that includes integrating developer training with static analysis and advanced remediation techniques will help reduce overall risk across your enterprise application portfolio and will strengthen your security program...
March 02, 2012 Added by:Brent Huston
During the WWDC keynote, Brent Huston spent considerable time discussing the lack of built-in security for the iOS. Each unique identifier on numerous devices would allow possibly unwanted users to see information they shouldn’t see. In some cases, not such a bad idea...
February 23, 2012 Added by:Keith Mendoza
The only real fix for this is a mindset shift. At the minimum, software developers need to code defensively regardless of the scope of the project, because this needs to become a habit. Coding standards should include requirements that all compiler warnings should be resolved...
February 22, 2012 Added by:Bill Gerneglia
You can’t understand how applications will be attacked if you don’t know how they work. Applications ultimately transmit data and operate on hardware in a network. Developers need to understand protocols, dependencies, communications, encryption, and more...
February 20, 2012 Added by:Electronic Frontier Foundation
Even with industry standard security practices in place, data is still vulnerable to a breach or a subpoena. Companies collecting personal data have an obligation to keep as little personally identifiable data as necessary to provide their services...
February 10, 2012 Added by:Security Ninja
Developers, project managers and executive officers need to be able to evaluate the risk that they are exposing their customers and their businesses to. They need to know how to measure the security posture of their apps and to make decisions on what changes to make...
January 26, 2012 Added by:Keith Mendoza
Even if a complete software rewrite is done, it's not really a complete rewrite. Someone in the development team--usually the person who was working on the last version before the so-called rewrite--will copy parts of code from the old source code...
January 20, 2012 Added by:Security Ninja
I developed and would like to introduce the Windows Phone App Analyzer, The Windows Phone App Analyser is similar to the static analysis tab in Agnitio. If you browse to any C# .cs files and click scan you will see the keyword highlighting that you might be familiar with from Agnitio...
January 16, 2012 Added by:Danny Lieberman
Security management is tricky. It’s not only about technical controls and good software development practice. It’s also about management responsibility. If you remember the Theory of Constraints, there is only one thing that limits a system's (or company's) performance...
December 09, 2011 Added by:Headlines
"HTML 5 applications use DOM extensively and dynamically change content via XHR calls. DOM manipulation is done by several different DOM-based calls and poor implementation allows DOM-based injections. These injections can lead to a set of possible attacks and exploits..."
December 05, 2011 Added by:Kelly Colgan
Mobile applications do much more than entertain, inform, or otherwise make life more convenient. Depending on the app, companies can access private information as varied as phone and email contacts, call logs, calendar data, and data about the device, and therefore our location...
December 02, 2011 Added by:Rafal Los
So what catches your attention? What conclusions can you draw here that may be insight into how we can improve the state of software security in the enterprise? My eye gets caught on "politics" and TOOLS in big bold letters... then UPHILL and APATHY. Dang, we're a cynical bunch aren't we...
November 29, 2011 Added by:Headlines
"The SRD is for companies that build static analyzers... It will help their products catch the most common errors in the software they are supposed to check. It brings rigor into software assurance, so that the public can be more confident that there are fewer dangerous weaknesses..."
November 22, 2011 Added by:Keith Mendoza
This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put to produce software that is free of defect from workmanship? How will you go about making sure?
November 22, 2011 Added by:Rafal Los
You don't just go to college, get a degree in 'software security' and walk into a job being great at it - mostly because that degree doesn't exist, but also because the days of being able to walk into a job like this are probably long behind us...
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015
PCI Security Standards Council Statement on ... on 03-17-2015