Blog Posts Tagged with "Development"


The Cybersecurity Skills Gap: An Update for 2020

December 18, 2019 Added by:Sam Bocetta

2020 will be a critical juncture for the entire cybersecurity sector

Comments  (0)


How SAMM Addresses Outsourced Development

January 28, 2014 Added by:Nima Dezhkam

Despite SAMM’s comprehensive guidelines around establishing an organization-wide security program and integrating security into in-house software development life-cycle, it does not elaborate as much on third-party vendor security and outsourced software development.

Comments  (0)


The Three Patterns of Software Development for SDLC Security

August 30, 2013 Added by:Rohit Sethi

A one-sized fits all approach to Software Development Life Cycle (SDLC) security doesn’t work. Practitioners often find that development teams all have different processes – many seem they are special snowflakes, rejecting a single SDLC security program.

Comments  (8)


Achieving Code Compliance in an Agile Environment

July 18, 2013 Added by:Phil Cox

You can have compliance in agile environments. Take the time to do it right and you’ll reap the benefits of both compliance and agile development.

Comments  (2)


Three Reasons Why a One-Size-Fits-All Secure SDLC Solution Won’t Work

May 08, 2013 Added by:Rohit Sethi

Forcing a security process on development teams that doesn’t take into account the way they develop software is a recipe for disaster. A good goal to have for secure SDLC is to minimize the impact on the team’s existing software development practice.

Comments  (1)


Why Are We Failing at Software Security?

May 01, 2013 Added by:Nish Bhalla

While there are many granular reasons for software security failures at the institutional, developer or vendor level - there are five industry-wide problems that are fueling the current state of insecurity. These are complicated problems and will not be easy to solve. But until we do, software security will remain at risk.

Comments  (4)


Software Security - Why Aren't the Enterprise Developers Listening?

February 19, 2013 Added by:Rafal Los

While there are plenty of enterprises out there that have figured out a formula for making software security work for them, for every one organization that 'gets it' there are many times more organizations that are struggling with software security year over year, quarter over quarter, day after day. Why?

Comments  (0)


Why the Latest Rails Exploit Is Indicative of a Bigger Problem

February 15, 2013 Added by:Rohit Sethi

The latest Rails security flaw is example of a common anti-pattern. The issue in each case is an abuse of extensibility. At first glance the idea is clever: allow for run-time execution of new code or binding of server-side variables without changing your compiled code, thereby greatly enhancing extensibility.

Comments  (0)


Who is Responsible for Application Security? Development or Security?

January 10, 2013 Added by:Matt Neely

During a recent visit to a client site, I took part in a discussion where the Development Department and the Security Department were arguing over which group was responsible for the security of web applications. Security felt it was the responsibility of the developers, and the developers felt it was the responsibility of security. I commonly see this debate taking place inside organizations, s...

Comments  (1)


The secret of incorporating security into functional testing

November 04, 2012 Added by:Rafal Los

Conversation today was around tools and use-cases for the tools in the stream of creating more secure software. My experience in this industry over the last several years has taught me that you have to fashion the tools to the use-case. Even if you give me a fantastic hammer I still won't be a great carpenter...

Comments  (0)


On the Cyber Security Landscape in Africa

October 27, 2012 Added by:Plagiarist Paganini

The African IT scenario is deeply and rapid changing, but we have to consider great differences in the development of various economies. I believe that this isn't a problem, the main concern in my opinion is the uniform development of cyber security culture on the overall continent...

Comments  (0)


Rediscovering Our Way: OWASP AppSec Ireland 2012

September 20, 2012 Added by:Rafal Los

We can't expect the OWASP community to continue forward as a collection of application-security focused professionals without developer outreach, education, and more outreach. Application (and software) security isn't about security people at all, it's about developers...

Comments  (0)


Preparing Developers for Tomorrow’s Cloudy World

September 17, 2012 Added by:Ben Kepes

"The advent of cloud computing has removed infrastructure as a barrier to rapid and massive scaling of applications. [IaaS and Paas have] made it possible for a developer to create an application one day and have it utilized by hundreds of thousands of users the next..."

Comments  (0)


The SDLC Knowledge Gap in Motion: DevOps to the Rescue?

September 12, 2012 Added by:Rafal Los

I can't tell you the fun things we found in this pre-production environment when we started digging around during security testing. No, really, I can't tell you, but rest assured it didn't end with misconfigurations, or accidental code bits being included...

Comments  (0)


The Seven Qualities of Highly Secure Software

August 23, 2012 Added by:Ben Rothke

Behind nearly every vulnerability is poorly written software. The 7 Qualities of Highly Secure Software highlights qualities that are essential to stop insecure code. This is a highly valuable book that can be of significant use to every stakeholder, from those in the boardroom to the head of application development...

Comments  (0)


Deploying Code Faster as a Security Feature?

July 24, 2012 Added by:Rafal Los

What if deploying faster is actually a security feature? I can empathize with the frustration many security professionals feel when they find a critical issue in an application only to be told that the patch will be rushed in about 3 months. I'd certainly love to hear that the update will be shipped this afternoon...

Comments  (1)

Page « < 1 - 2 - 3 - 4 - 5 > »