Blog Posts Tagged with "Code"

Understanding the Strengths and Limitations of Static Analysis Security Testing (SAST)

July 17, 2015 Added by: Rohit Sethi

While static analysis is a very valuable technology for secure development, it is clearly no substitute for building applications with security in mind from the start.

Three Reasons Why a One-Size-Fits-All Secure SDLC Solution Won’t Work

May 08, 2013 Added by: Rohit Sethi

Forcing a security process on development teams that doesn’t take into account the way they develop software is a recipe for disaster. A good goal to have for secure SDLC is to minimize the impact on the team’s existing software development practice.

Software Security - Why Aren't the Enterprise Developers Listening?

February 19, 2013 Added by: Rafal Los

While there are plenty of enterprises out there that have figured out a formula for making software security work for them, for every one organization that 'gets it' there are many times more organizations that are struggling with software security year over year, quarter over quarter, day after day. Why?

Why the Latest Rails Exploit Is Indicative of a Bigger Problem

February 15, 2013 Added by: Rohit Sethi

The latest Rails security flaw is an example of a common anti-pattern. The issue in each case is an abuse of extensibility. At first glance the idea is clever: allow for run-time execution of new code or binding of server-side variables without changing your compiled code, thereby greatly enhancing extensibility.

Researchers: Flame Malware Shares Stuxnet Virus Module

June 11, 2012 Added by: Headlines

"Despite the fact that Stuxnet has been the subject of in-depth analysis... the mysterious 'resource 207' from 2009 has gone largely unnoticed. But it turns out that this is the missing link between Flame and Stuxnet... Clearly, these two pieces of exploit code were written by the same programmer..."

Waledac Spam Botnet Evolves into Password Sniffer

February 20, 2012 Added by: Headlines

Researchers from Palo Alto Networks have detected a new variation of the briefly defeated Waledac spamming botnet, but this version is able to sniff out login credentials for several email protocols as well as files with the .dat extension related to BitCoin and FTP...

User Assisted Compromise (UAC)

February 09, 2012 Added by: Rob Fuller

You have to wait for the user to use UAC (this does not work if someone else does, it's only for the current user HKCU). But, as a side benefit, it's a very real form of sneaky persistence as well, as it will execute our evil binary every single time they use UAC...

Duqu Malware Authors Display Sense of Humor

November 14, 2011 Added by: Headlines

"This is another prank pulled by the Duqu authors, since Showtime Inc. is the cable broadcasting company behind the TV series Dexter, about a CSI doctor who happens also to be a serial killer who avenges criminals in some post-modern perversion of Charles Bronson’s character in Death Wish..."

Know What You Are Doing When You Copy Code

January 11, 2011 Added by: Rod MacPherson

Back in early May 2000 when the ILOVEYOU worm broke out, I, like many other employees at ISPs around the world, scrambled to get something in place to stop the spread of it as it began to bring mail servers to a crawl and fill disk space with copies of itself...