Blog Posts Tagged with "Secure Coding"
Making Things Worse by Asking all the Wrong Questions
May 14, 2012 Added by: Rafal Los
Blaming OWASP and developers for not adopting secure coding is silly. Until the business cares about security, and developers have an incentive to write more secure code, tools and simple-to-use, transparent technologies like those OWASP provides won't get utilized...
Comments (2)
A Field Guide to Post-UDID Unique IDs on iOS
May 10, 2012 Added by: Fergal Glynn
Ongoing developments in the device-wide ID space focus on two dueling schemes and codebases: OpenUDID and SecureUDID. If you’re an iOS developer, this will serve as an introduction to the details of these systems, including their limitations and potential for data leakage...
Comments (0)
Webinar: Keeping Your Open Source Software Secure
May 09, 2012 Added by: Infosec Island Admin
Understand why collaboration is invaluable in keeping proprietary systems secure. Learn how to share private information in public forums without harming your organization. Identify what tools are available to your organization for collaboration, notification, and knowledge-sharing...
Comments (0)
CISSP Reloaded Domain 7: Applications and Systems Development
May 09, 2012 Added by: Javvad Malik
Secure applications aren’t the result of evolution or chance conditions coming together. Secure applications are only created with a definite degree of intelligent design. You, as the security person, are responsible for providing that intelligent design into the application...
Comments (0)
What’s Going Right with Your Secure Development Efforts?
May 04, 2012 Added by: Fergal Glynn
Security professionals place developers’ code under a microscope and highlight each and every flaw, so you can appreciate why there may be some tension. Testing of code only offers assessments of what they did wrong. Can we apply a different lens while having this conversation?
Comments (0)
Guide to the OWASP Application Security Top Ten
May 01, 2012 Added by: Fergal Glynn
Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...
Comments (0)
Mobile Applications Shouldn’t Roll Their Own Security
May 01, 2012 Added by: Brent Huston
Many of the applications being designed today are being built by scrappy, product-oriented developers. This is not a bad thing for innovation - in fact just the opposite - but it can be a bad thing for safety, privacy and security...
Comments (0)
AppSec Mistakes Companies Make and How to Fix Them
April 25, 2012 Added by: Fergal Glynn
We’re pleased to present responses from an array of security experts including Bill Brenner, Andrew Hay, Jack Daniel and Chris Wysopal. Common themes arose, including the idea of taking AppSec more seriously and committing to a programmatic approach vs. ad hoc manual testing...
Comments (0)
Reflections on Ten years of Software Security
April 22, 2012 Added by: Rafal Los
Given a finite amount of time to write a piece of software with specified features and functionality, the security of that code will always take a back seat. At least for the time being. Let's face it, code breaks in strange ways that it's not always easy to understand...
Comments (0)
On Buffer Overrun Vulnerabilities, Exploits and Attacks
April 19, 2012 Added by: Fergal Glynn
A buffer overflow is a common software coding mistake. To effectively mitigate the vulnerability, it is important that you first understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit them...
Comments (0)
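The coding mistake the post above refers to, shown as an added example rather than code from Fergal Glynn's article: an unbounded strcpy into a fixed-size stack buffer beside a hardened copy routine that rejects over-length input and always terminates the result. The buffer size NAME_MAX, the function names and the sample inputs are all constructed for this illustration; the example also shows why reaching for strncpy alone does not close the hole, since it leaves the destination unterminated when the source fills it.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* assumed fixed buffer size for the example */

/* The classic mistake: untrusted input is copied into a fixed-size stack
 * buffer with no length check. Any input of NAME_MAX bytes or more writes
 * past the end of 'name' and smashes whatever follows it on the stack.
 * Kept here to show the pattern; never call it with attacker-controlled data. */
void greet_unsafe(const char *input) {
    char name[NAME_MAX];
    strcpy(name, input);            /* no bound: overflow when strlen(input) >= NAME_MAX */
    printf("hello %s\n", name);
}

/* Hardened form: measure the source without reading past dst_len bytes,
 * refuse anything that would not fit together with its terminator, copy
 * exactly that many bytes and terminate explicitly.
 * Returns 0 on success, -1 if the input is rejected. */
int copy_name_checked(char *dst, size_t dst_len, const char *src) {
    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;
    /* Bounded scan: if no NUL appears within dst_len bytes the source is too long. */
    const char *end = memchr(src, '\0', dst_len);
    if (end == NULL)
        return -1;
    size_t n = (size_t)(end - src);  /* n <= dst_len - 1, so the NUL always fits */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Why strncpy is not the fix on its own: when src has dst_len or more bytes,
 * strncpy fills dst completely and never writes a terminator, so the next
 * printf("%s") or strlen() runs off the end of the buffer.
 * Returns 1 if dst ended up NUL-terminated within dst_len bytes, else 0. */
int strncpy_terminates(char *dst, size_t dst_len, const char *src) {
    strncpy(dst, src, dst_len);
    return memchr(dst, '\0', dst_len) != NULL;
}

int main(void) {
    char buf[NAME_MAX];
    const char *ok = "alice";                                     /* constructed sample */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";    /* constructed: 32 bytes */

    printf("checked copy of short input: %d\n", copy_name_checked(buf, sizeof buf, ok));
    printf("checked copy of long input:  %d\n", copy_name_checked(buf, sizeof buf, too_long));
    printf("strncpy terminated long input: %d\n", strncpy_terminates(buf, sizeof buf, too_long));

    greet_unsafe(ok);   /* only safe because this input is shorter than NAME_MAX */
    return 0;
}
```

The two checks that matter in copy_name_checked are the bounded scan (never read more of the source than the destination can hold) and the strict `<` relationship between payload length and buffer size that reserves the terminator byte; dropping either one reintroduces an off-by-one or an unterminated string.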
Open Source Code in the Enterprise - Keys to Avoiding Vulnerabilities
April 18, 2012 Added by: Rafal Los
There is no debate in the open vs. closed source software question. Either can be made well, or poorly. Either open source or closed source can be relatively secure, or riddled with easy-to-exploit holes. We don't need to rehash this, but there appears to be some new data...
Comments (0)
Pain Comes Immediately – Secure Development Takes Time
April 17, 2012 Added by: Alexander Rothacker
Once a patch to a vulnerability is released, the vendor should give as much guidance as possible to its customer base so that they can make an informed decision on how to mitigate, be it a workaround, such as disabling some functionality, configuring compensating controls...
Comments (0)
Demystifying Binary Static Analysis
March 30, 2012 Added by: Fergal Glynn
One of my goals in this presentation is to make it clear that there is nothing source code analysis can do that binary analysis can’t. Binary analysis even has benefits over source code analysis. It may seem counter-intuitive, so you will want to see the presentation...
Comments (0)
Defining Success for Information Security Through KPIs
March 26, 2012 Added by: Rafal Los
In the world of software development, the business just wants to release fast and functional while the security team would prefer slower and more 'secure'. So as security struggles to positively impact risk, I found 5 key performance indicators that bridge the two positions...
Comments (0)
Pitting Education Against Cyber Attacks
March 26, 2012 Added by: Frank Kim
In the relentless struggle to protect against cyber attacks, companies must identify vulnerabilities before hackers have an opportunity to exploit them. With software applications, a logical path to the early identification of vulnerabilities begins at the development stage...
Comments (0)
Some Thoughts on Sandboxes
March 23, 2012 Added by: Rafal Los
Developers should be writing good code, period. But when the pace of development outpaces the ability to do complete software security analysis, we see security organizations turning to sandboxing as a method of limiting the damage an exploited piece of code can do...
Comments (0)