Blog Posts Tagged with "Development"


Software Security - Just Over the Horizon

March 31, 2011 Added by: Rafal Los

Things like Cross Site Scripting (XSS), SQL Injection, buffer overflow, access violation, race conditions and other variations are tested for using static analysis, dynamic analysis and some of the forthcoming hybrid technology. As an industry we're getting better at pattern-based security testing...

Comments (0)


Secure Coding: Missing the Goal

March 29, 2011 Added by: Andy Willingham

If we continue to allow poor coding practices then we will always be behind the curve and playing catch-up with the hackers. I know code will always have errors and vulnerabilities in it just as infrastructure and other areas where we implement protections will always have their shortcomings...

Comments (1)


The Web Application Security "White Elephants"

March 20, 2011 Added by: Rafal Los

We were both talking about things that aren't necessarily new to the security or app-dev community, but aren't being actively addressed. It hit me that there were two big white elephants in the room, and we happened to be talking about them in an open forum. Finally...

Comments (0)


Developer Psychology - The Infinite Feedback Loop

March 02, 2011 Added by: Rafal Los

Developers are having issues understanding us as Infosec people. We need to be less alarmist, and more sensitive to their time lines and goals, and we also need to be able to speak "developer", which means not sending over huge reports with thousands of pages of vulnerabilities...

Comments (0)


It Was Developed By A Third Party… Of Course It’s Secure!

March 01, 2011 Added by: Gary McCully

I recently participated in an Internal Attack and Penetration Assessment where I encountered a third party web application which contained various vulnerabilities. These vulnerabilities could be linked together in such a way that remote code execution on the underlying operating system was possible...

Comments (0)


Mitigating Security Threats Through Forensic Psychology

February 06, 2011 Added by: Jonathan Dudek

Identifying the nature of threats - the motives and modi operandi of criminal groups and other critical factors contributing to their behavior, such as underlying cultural and political beliefs - will foster the development of appropriate risk mitigation strategies and safeguards at every level...

Comments (2)


Customer Security and Software Security

February 02, 2011 Added by: Danny Lieberman

What threats really count for your business? No question is more important for implementing effective security. The management, the software developers and security analysts cannot expect to mitigate risk without knowing the sources and costs of threats to products and the products’ users...

Comments (3)


The Case for an Open Source Physical Security Software

January 18, 2011 Added by: Guy Huntington

The open source formula usually delivers free software with a low yearly license. Use of this software should lower enterprises' overall physical security budget over time as opposed to paying proprietary vendors large purchase amounts and annual license fees...

Comments (0)


Complexity - A Sure Way to Fail

January 11, 2011 Added by: Rafal Los

Almost every single product's marketing page has "Ease of Use" as one of the checkbox features, but it's rare that this actually manifests itself in the real products. The end result of difficult-to-use security products is clear: security breaches are rampant. You don't have to take my word for it...

Comments (4)


The Seven Deadly Sins of Software Security

January 10, 2011 Added by: Danny Lieberman

The software development environment of 20 years ago is radically different from today's. Development tools are free, hardware is almost free and programming talent is a global resource. It's so easy to do things today, but that's precisely the problem...

Comments (1)


Why QA Doesn't Do Security Testing

January 06, 2011 Added by: Rafal Los

Just because you're checking for the existence of the password requirement, or making sure pages aren't accessible without authentication doesn't actually mean you're doing security testing. In reality, this is just a small part of the overall security testing that applications require...

Comments (1)


2010 - A Quick Look Back to Look Forward

December 29, 2010 Added by: Rafal Los

So looking back on 2010 and where our footprints in the sand have led us to so far, I can't help but feel like we've been walking around in circles, talking about the same security issues over and over again but only changing up the words to make it look more appealing and calling it new...

Comments (0)


Dangers of Self-Managed Development Environments

November 03, 2010 Added by: Jamie Adams

I have seen developers relax security controls during unit development only to be bewildered when full integration testing fails. Many database administrators have strict controls which developers must adhere to. Why isn't it the same when it comes to base operating system resources?

Comments (3)
