Blog Posts Tagged with "Code Review"
July 27, 2012 Added by: Andrew Sanicola
Many open source products have add-ons, extensions, plug-ins, etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...
May 04, 2012 Added by: Fergal Glynn
Security professionals place developers' code under a microscope and highlight each and every flaw, so you can appreciate why there may be some tension. Testing of code only offers assessments of what they did wrong. Can we apply a different lens while having this conversation?
March 26, 2012 Added by: Frank Kim
In the relentless struggle to protect against cyber attacks, companies must identify vulnerabilities before hackers have an opportunity to exploit them. With software applications, a logical path to the early identification of vulnerabilities begins at the development stage...
October 09, 2011 Added by: Rafal Los
We need to shift the security culture from "find bugs" to "fix bugs" or else we're in deep, deep trouble. Don't get me wrong, once the software industry has figured out how to write secure software by design, then we can worry about demanding bigger, better, faster scanning automation...
June 03, 2011 Added by: Headlines
"w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (XSS), local and remote file inclusion and much more..."
May 19, 2011 Added by: Brent Huston
Today, you have a plethora of code review automation tools and source code scanners. These tools make it easy to pick the low-hanging (and sometimes higher) vulnerabilities out of your code long before it is exposed to malicious outsider/insider contact...
March 07, 2011 Added by: Rafal Los
Creating a system or a testing framework which can appropriately enable a previously entirely manual process is tricky, and while fully automating the finding of logic flaws may still be beyond our reach, the research and ideas presented herein are steps forward in that direction...
March 04, 2011 Added by: Rafal Los
An application has been relied upon successfully for months or years (decades?), and now that the organization has finally given you access to it because they touched/modified one small component, you've found a systemic bug which requires a large-scale effort to remediate. Herein lies the rub...
March 02, 2011 Added by: Ron Lepofsky
Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...
November 03, 2010 Added by: Bozidar Spirovski
Like any technology-fed phenomenon with increasing public exposure, hacking is often ill-conceived and exaggerated in movie scenes. The following are five of the most implausible and amusing scenes that have resulted from this approach to hacker depiction in movies...
August 17, 2010 Added by: PCI Guru
Software is everywhere these days, and is in almost everything from flat panel televisions to furnaces. As more devices get connected to networks, the risk that backdoors or sleeper code will be used to obtain surreptitious access to these devices increases...