Blog Posts Tagged with "Secure Coding"
Power to the People and the Coming AppSec Revolution
January 24, 2013 Added by:Fergal Glynn
It used to be that you could call for more secure software from individual vendors – and Microsoft heeded that call with its push for trustworthy computing in 2002 – but today we’re more dependent on software and more interconnected than ever. We rise and fall by the security of our associates...
Comments (0)
Automation, Dog Food and a Security State of Mind
January 20, 2013 Added by:Fergal Glynn
As a developer, I don’t focus on is security. I usually get the security correct, but my main goal is making all the parts work together well. And that’s true of most developers most of the time...
Comments (0)
The Value of Secure Coding Procedures
January 09, 2013 Added by:Don Eijndhoven
I recently had a very interesting conversation with Dave Hyman of Checkmarx, who asked me how I saw the future of cyber security (or information security, take your pick). Now, as I’m sure you´ll agree with me, that’s a fairly abstract question that can go a lot of ways. My friends will confirm that I enjoy waxing philosophical discussions like that, but given what Checkmarx does with code se...
Comments (0)
Security is Inconvenient, Deal With It!
December 17, 2012 Added by:Keith Mendoza
ZD Net had an article entitled "Kernel vulnerability places Samsung devices at risk" and I thought "so, what's new" until I followed the link to the forum post on xda-developers. Then I just lost it because I'm certain that this is a result of plain and simple laziness...
Comments (2)
Java in the Cross-Hairs of Enterprise Security
September 26, 2012 Added by:Rafal Los
Enterprises seem to have a love-hate relationship with Java. It's a client we aren't thrilled with, but when it comes to cross-platform use there aren't really any other alternatives. If you look around you'll find that many of the security platforms are written in what? Java...
Comments (0)
Rediscovering Our Way: OWASP AppSec Ireland 2012
September 20, 2012 Added by:Rafal Los
We can't expect the OWASP community to continue forward as a collection of application-security focused professionals without developer outreach, education, and more outreach. Application (and software) security isn't about security people at all, it's about developers...
Comments (0)
Preparing Developers for Tomorrow’s Cloudy World
September 17, 2012 Added by:Ben Kepes
"The advent of cloud computing has removed infrastructure as a barrier to rapid and massive scaling of applications. [IaaS and Paas have] made it possible for a developer to create an application one day and have it utilized by hundreds of thousands of users the next..."
Comments (0)
Are Applications and Services on the Public Cloud Secure?
September 15, 2012 Added by:Rafal Los
Any application that was built to be secured independently of the environment will do as well in a public cloud as it did in your private data center. If you build the application to be low-risk independent of your environmental controls you shouldn't have to worry where it lives...
Comments (0)
The SDLC Knowledge Gap in Motion: DevOps to the Rescue?
September 12, 2012 Added by:Rafal Los
I can't tell you the fun things we found in this pre-production environment when we started digging around during security testing. No, really, I can't tell you, but rest assured it didn't end with misconfigurations, or accidental code bits being included...
Comments (0)
Which Application Testing is Right for Your Organization?
August 23, 2012 Added by:Brent Huston
Billions of dollars and millions of identities are at stake every day. In the past, security professionals thought firewalls, Secure Sockets Layer, patching, and privacy policies were enough to protect websites from hackers. Today, we know better. Whatever your industry — you should have consistent testing...
Comments (0)
The Seven Qualities of Highly Secure Software
August 23, 2012 Added by:Ben Rothke
Behind nearly every vulnerability is poorly written software. The 7 Qualities of Highly Secure Software highlights qualities that are essential to stop insecure code. This is a highly valuable book that can be of significant use to every stakeholder, from those in the boardroom to the head of application development...
Comments (0)
Buggy out the Door: Externally Discovered Defects (EDD)
August 15, 2012 Added by:Rafal Los
What if 25% of your bugs actually ARE discovered by your customers? There is a collision of a few things here that makes this matter a lot less simple than we'd like, and a lot less convenient if you think you have a solution to the problem, but in the end it is a problem...
Comments (0)
Unsafe at Any Speed: Enterprises Misunderstand Software Quality
August 13, 2012 Added by:Rafal Los
I had a hard time believing that "going faster" could be more secure. It was difficult to wrap my brain around how deploying code in more rapid succession could mean that the code deployed could actually be safer... but I believe that to be true now. The one caveat here is "if it's done right"...
Comments (0)
To “Open Source” or “Not to Open Source”
July 27, 2012 Added by:Andrew Sanicola
Many open source products have add-ons, extensions, plug-ins etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...
Comments (0)
Broken Logic: Avoiding the Test Site Fallacy
July 25, 2012 Added by:Fergal Glynn
Dynamic Application Security Testing (DAST) tool vendors demonstrate their tools by allowing prospects to scan test sites so they can see how the scanner works and the reports generated. We should not gage the effectiveness of a scanner by only looking at the results from scanning these public test sites...
Comments (1)
Deploying Code Faster as a Security Feature?
July 24, 2012 Added by:Rafal Los
What if deploying faster is actually a security feature? I can empathize with the frustration many security professionals feel when they find a critical issue in an application only to be told that the patch will be rushed in about 3 months. I'd certainly love to hear that the update will be shipped this afternoon...
Comments (1)
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers
- NSA Surveillance Is Legal And Not Targeting Average Americans, Says Texas A&M Professor