Thoughts on Software Security Assurance from a Like Mind

June 10, 2011 Added by: Rafal Los

Being able to tie exploitable issues in a running application to source code is the Holy Grail of security testing... but it's unlikely you'll get good adoption and success if you're trying to hand a bunch of developers black-box security testing technology...

Comments  (0)


Mac Antivirus - Being Careful and Staying Safe

June 09, 2011 Added by: Bozidar Spirovski

What antivirus software packages have a Mac version? As of June 2011, Wikipedia lists that only 16 out of 62 antivirus software packages support the Mac. In a very interesting marketing move, some antivirus manufacturers actually offer free use of antivirus packages for Mac...

Comments  (0)


Prescriptive Software Security Assurance for SMBs

May 25, 2011 Added by: Rafal Los

Can you handle the work it would take to ratchet up security on your applications? If you've got more than a dozen applications with more than 5 in the pipeline, you can figure on a single non-dedicated resource being able to handle one application security test per week, tops...

Comments  (0)


Web App Configuration Analyzer 2.0 Tool Released

May 20, 2011 Added by: Headlines

Web Application Configuration Analyzer (WACA) is a tool that scans a server against a set of best practices recommended for pre-production and production servers. It can also be used by developers to ensure that their codebase works within a secure / hardened environment...

Comments  (0)


Post-Production Application Security Testing

May 17, 2011 Added by: Rafal Los

I've spent several meetings in the last few months reminding people that even though they perform security testing and validation of their apps before they deploy they're leaving those apps running, in some cases for years, without looking back in on them. This is a bad thing...

Comments  (0)


Vupen Security: The First Pwn Troll Business?

May 16, 2011 Added by: Keith Mendoza

I don't know what credibility Vupen has left as a company in the eyes of the information security industry. Their actions are no different from patent trolls or the many script kiddies who troll around the web showing their half-baked warez...

Comments  (0)


Proposal for an All-or-Nothing Secure Software Standard

May 10, 2011 Added by: Keith Mendoza

Secure software standards should be all-or-nothing. Either the software--and all of its dependencies--are compliant, or the software is not compliant. Not owning the library, or database, will not be an excuse to not meeting the standards...

Comments  (4)


Basic Secure Coding Practices for C or C++

May 04, 2011 Added by: Keith Mendoza

Most privilege escalations take advantage of being able to modify the code being executed because the application writes to memory locations past what it allocated. However, if you have a variable that uses up more space than the amount of data, that's extra space for an attacker to use...

Comments  (3)


Is Oracle Misleading Its Database Customers With CPUs?

April 26, 2011 Added by: Alexander Rothacker

Is Oracle misleading its database customers during its quarterly Critical Patch Updates (CPUs)? Unfortunately for its customers, Oracle has figured out a way to downplay the severity of its vulnerabilities and water down the Common Vulnerability Scoring System (CVSS) scoring...

Comments  (0)


Defending Web Apps Against Overwhelming Odds

April 24, 2011 Added by: Rafal Los

We can all agree that there are enough *exploitable security defects* in software that virtually every organization on the planet can (and will) be broken into given enough time - so where does that leave us? More importantly, what does that have to do with cloud computing?

Comments  (0)


Cookies and Your Privacy: Past, Present and Future

April 24, 2011 Added by: Theresa Payton

If restrictions to cookies become commonplace on the internet, the Internet Advertising Bureau will be forced to make major changes to the way they obtain information about internet users. This could alter the entire structure of internet advertising as we know it today...

Comments  (0)


Top Five Mobile Operating System Options

April 20, 2011 Added by: Robert Siciliano

Five major players have floated to the top, dominating a major chunk of the mobile operating systems market. It used to be that people chose their phone only by their carrier and what brands they offered. Today many choose their phone based on the manufacturer and its operating system...

Comments  (0)


Data Breach Overload is Killing SSA

April 19, 2011 Added by: Rafal Los

Money and technology alone won't bring us secure software or applications. Many times the idea of spending a large chunk of money on tools alone sounds appealing because someone selling you something says that you should - but I'd like to urge caution...

Comments  (0)


Web Application Security: Minimizing the Risk of Attacks

April 19, 2011 Added by: Sasha Nunke

Vulnerabilities in web applications are now the largest source of enterprise security attacks. Web application vulnerabilities accounted for over 55% of all vulnerabilities disclosed in 2010, according to an IBM X-Force study. That may be the tip of the iceberg...

Comments  (0)


Software Security Assurance in a "One Man Show"

April 15, 2011 Added by: Rafal Los

Down-scaling an enterprise security challenge into a smaller fit is more of a challenge than you'd think, because it's just too easy to say 'outsource it all'... but how does that actually help an organization write more secure software? The answer is that it doesn't...

Comments  (0)


Webapp Scanner Review: Acunetix Versus Netsparker

April 11, 2011 Added by: Mark Baldwin

Review: Two companies have developed commercial webapp scanners that rival the features, the speed, the usability and the accuracy of any commercial tool on the market. And they do it at a price point that just about any small business or independent consultant can afford...

Comments  (5)
