Blog Posts Tagged with "SDLC"

Ad5130e786d13531cc0f2cde32dacd0f

Security Scribbling: ISO 27001 vs. PCI Misunderstanding

November 17, 2011 Added by:Andrew Weidenhamer

The problem with using a risk based approach is the manner in which risk is defined and accepted. As long as there is a good Risk Assessment methodology in place and further good reasons and justifications to deal with risk, then using a risk based approach is perfectly acceptable...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Security Vendor Vulnerabilities: It's All About Reaction Time

June 03, 2011 Added by:Rafal Los

Holding a vendor accountable is understandable, since that is their primary business. There's really no excuse when a vendor of security products gets exploited or has a publicly disclosed exploit... well, sort of right? In the final analysis, what is it really all about?

Comments  (0)

67a9d83011f3fbb2cf8503aff453cc24

Web Application Security: Can Developers Learn Secure Coding?

April 25, 2011 Added by:kapil assudani

With a secure coding skillset missing from their primary job responsibility, and no enterprise process that introduces/enforces a secure coding process, there are really no incentives for developers to go the extra mile of introducing security into their code...

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

It Was Developed By A Third Party… Of Course It’s Secure!

March 01, 2011 Added by:Gary McCully

I recently participated in an Internal Attack and Penetration Assessment where I encountered a third party web application which contained various vulnerabilities. These vulnerabilities could be linked together in such a way that remote code execution on the underlying operating system was possible...

Comments  (0)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 3)

November 11, 2009 Added by:Stephen Primost

Risk assessments for application software is not a matter of a quick penetration test nor a matter of code reviews at a single point in time. It is a process of moving through the application/solution's Software Development Life Cycle (SDLC) and evaluating the results of the controls that are put in place at each phase. Whether it is waterfall, or agile method, waiting for the end of the final del...

Comments  (0)

A3e8b5e0becdbfb1b1c706b452b6c388

Road Map for an Application/Software Security Architect (Part 2)

November 02, 2009 Added by:Stephen Primost

Vulnerability testing at the acceptance stage of an application's Software Development Life Cycle (SDLC) will not compensate for the lack of an understanding of what is being done during the software development even though you may not have control over the development efforts. You need a plan that puts those controls in place and allows that governance. Ignoring vulnerabilities will not prevent b...

Comments  (0)

Page « < 1 - 2 > »