Blog Posts Tagged with "Secure Coding"

E85787adcaf7bca10e799cfd1cfd08f1

Patch as Patch Can: All Software is Flawed

May 30, 2012 Added by:Michelle Drolet

While many software publishers don’t bother to release patches, the two that are religious about patching are Microsoft and Adobe. Ironically, they still account for the majority of client-side vulnerabilities, with the Office Suite products and Adobe Flash Player and Reader topping the list...

Comments  (0)

F2792196079f2c16cd02be6e9ff5b3da

Why AppSec Won't Always Bail You Out

May 24, 2012 Added by:DHANANJAY ROKDE

The approach of NetSec pros is different from the AppSec folks, as they concentrate on the attack-surface rather than get into the application itself. This is in no way comparison of the level of difficulty of either of the disciplines, NetSec pros just take it to the next level...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

NoOps and the Role of Infosec in Software Development

May 23, 2012 Added by:Rafal Los

The NoOps approach to software provides an opportunity to tightly integrate security, but we've got to get it right. If you can implement security during these cycles, spend time analyzing how workstreams will flow and what tools will be used to standardize and automate...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Making Things Worse by Asking all the Wrong Questions

May 14, 2012 Added by:Rafal Los

Blaming OWASP and developers for not adopting secure coding is silly. Uuntil the business cares about security, and developers have an incentive to write more secure code, tools and simple to use transparent technologies like that which OWASP provides won't get utilized...

Comments  (2)

68b48711426f3b082ab24e5746a66b36

A Field Guide to Post-UDID Unique IDs on iOS

May 10, 2012 Added by:Fergal Glynn

Ongoing developments in the device-wide ID space focus on two dueling schemes and codebases: OpenUDID and SecureUDID. If you’re an iOS developer, this will serve as an introduction to the details of these systems, including their limitations and potential for data leakage...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

Webinar: Keeping Your Open Source Software Secure

May 09, 2012 Added by:Infosec Island Admin

Understand why collaboration is invaluable in keeping proprietary systems secure. Learn how to share private information in public forums without harming your organization. Identify what tools are available to your organization for collaboration, notification, and knowledge-sharing...

Comments  (0)

99edc1997453f90eb5ac1430fd9a7c61

CISSP Reloaded Domain 7: Applications and Systems Development

May 08, 2012 Added by:Javvad Malik

Secure applications aren’t the result of evolution or chance conditions coming together. Secure applications are only created with a definite degree of intelligent design. You, as the security person are responsible for providing that intelligent design into the application...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

What’s Going Right with Your Secure Development Efforts?

May 04, 2012 Added by:Fergal Glynn

Security professionals place developer’s code under a microscope and highlight each and every flaw, so you can appreciate why there may be some tension. Testing of code only offers assessments of what they did wrong. Can we apply a different lens while having this conversation?

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Guide to the OWASP Application Security Top Ten

May 01, 2012 Added by:Fergal Glynn

Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Mobile Applications Shouldn’t Roll Their Own Security

May 01, 2012 Added by:Brent Huston

Many of the applications being designed are being done so by scrappy, product oriented developers. This is not a bad thing for innovation - in fact just the opposite - but it can be a bad thing for safety, privacy and security...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

AppSec Mistakes Companies Make and How to Fix Them

April 24, 2012 Added by:Fergal Glynn

We’re pleased to present responses from an array of security experts including Bill Brenner, Andrew Hay, Jack Daniel and Chris Wysopal. Common themes arose, including the idea of taking AppSec more seriously and committing to a programmatic approach vs. ad hoc manual testing...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Reflections on Ten years of Software Security

April 21, 2012 Added by:Rafal Los

Given a finite amount of time to write a piece of software with specified features and functionality the security of that code will always take a back seat. At least for the time being.Let's face it, code breaks in strange ways that it's not always easy to understand...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

On Buffer Overrun Vulnerabilities, Exploits and Attacks

April 19, 2012 Added by:Fergal Glynn

A Buffer overflow is a common software coding mistake. To effectively mitigate the vulnerability, it is important that you first understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit them...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Open Source Code in the Enterprise - Keys to Avoiding Vulnerabilities

April 18, 2012 Added by:Rafal Los

There is no debate in the open vs. closed source software question. Either can be made well, or poorly. Either open source or closed source can be relatively secure, or riddled with easy-to-exploit holes. We don't need to rehash this, but there appears to be some new data...

Comments  (0)

B451da363bb08b9a81ceadbadb5133ef

Pain Comes Immediately – Secure Development Takes Time

April 17, 2012 Added by:Alexander Rothacker

Once a patch to a vulnerability is released, the vendor should give as much guidance as possible to its customer base so that they can make an informed decision on how to mitigate — may it be a workaround, such as disabling some functionality, configuring compensating controls...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Demystifying Binary Static Analysis

March 30, 2012 Added by:Fergal Glynn

One of my goals in this presentation is to make it clear that there is nothing source code analysis can do that binary analysis can’t. Binary analysis even has benefits over source code analysis. It may seem counter-intuitive, so you will want to see the presentation...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »