Blog Posts Tagged with "Secure Coding"

0a8cae998f9c51e3b3c0ccbaddf521aa

Defining Success for Information Security Through KPIs

March 26, 2012 Added by:Rafal Los

In the world of software development the business just wants to release fast and functional while the security team would prefer slower and more 'secure'. So as security struggles to positively impact risk, I found 5 key performance indicators that bridge the two positions...

Comments  (1)

B6eb8da5e7785a2eb11555021097c28a

Pitting Education Against Cyber Attacks

March 26, 2012 Added by:Frank Kim

In the relentless struggle to protect against cyber attacks, companies must identify vulnerabilities before hackers have an opportunity to exploit them. With software applications, a logical path to the early identification of vulnerabilities begins at the development stage...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Some Thoughts on Sandboxes

March 22, 2012 Added by:Rafal Los

Developer should be writing good code, period. But when the pace of developing outpaces the ability to do complete software security analysis we see security organizations turning to sandboxing as a method of limiting the damage an exploited piece of code can do...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Application Security: Why is Everybody Always Picking on Me?

March 19, 2012 Added by:Fergal Glynn

The recent explosion in Mobile application development paints a clear picture of the modern development landscape. Not only in terms of the incredible speed of production, but perhaps more importantly, the widening gap between speed-to-market and software security quality...

Comments  (0)

959779642e6e758563e80b5d83150a9f

Applications vs. the Web: Enemy or Friend?

March 16, 2012 Added by:Danny Lieberman

A minimum of two languages on the server side (PHP, SQL) and three on the client side (Javascript, HTML, CSS) turns developers into frequent searchers for answers on the Internet driving up the frequency of software defects relative to a single language development platform...

Comments  (0)

Ebe141392ea3ebf96ba918c780ea1ebe

Going Back to the Stack

March 15, 2012 Added by:Wendy Nather

If you have parts of your infrastructure outsourced, go over your contracts with your providers. You want them to be able to give you logs within a few minutes of the request and have the right technical support without fighting your way through first-level script-readers...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Assumptions: A Common but Dangerous Programming Practice

March 13, 2012 Added by:Fergal Glynn

Whatever the intended use of your input may be, even if you employ best practices to prevent data tampering, verifying individual pieces of data both at the reading and writing stage is a good defense in depth measure that can be taken with minimal effort...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Building an AppSec Training Program for Development Teams

March 07, 2012 Added by:Fergal Glynn

A holistic application security approach that includes integrating developer training with static analysis and advanced remediation techniques will help reduce overall risk across your enterprise application portfolio and will strengthen your security program...

Comments  (0)

00c83c62ef65f17ce8e790850c596964

Secure Now or Forever...

February 24, 2012 Added by:Pamela Gupta

Traditional access control is simple, but permission-based access has become challenging – applications that request the user’s permission to access sensitive data explicitly. We are expecting users to be system administrators without adequate training, which is not feasible...

Comments  (0)

Af9c34417f8e5e0d240850bb353b5d40

Why Less Emphasis On Software Security?

February 23, 2012 Added by:Keith Mendoza

The only real fix for this is a mindset shift. At the minimum, software developers need to code defensively regardless of the scope of the project, because this needs to become a habit. Coding standards should include requirements that all compiler warnings should be resolved...

Comments  (4)

44fa7dab2a22dc03b6a1de4a35b7834a

A Security Resolution for Developers

February 22, 2012 Added by:Bill Gerneglia

You can’t understand how applications will be attacked if you don’t know how they work. Applications ultimately transmit data and operate on hardware in a network. Developers need to understand protocols, dependencies, communications, encryption, and more...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Focusing on Input Validation

February 11, 2012 Added by:Brent Huston

Input validation is the single best defense against injection and XSS vulnerabilities. Done right, proper input validation techniques can make web-applications invulnerable to such attacks. Done wrongly, they are little more than a false sense of security...

Comments  (0)

4e21f96122846f32545687ad42b271e2

Some "LightReading" about Mobile Application Security

February 10, 2012 Added by:Security Ninja

Developers, project managers and executive officers need to be able to evaluate the risk that they are exposing their customers and their businesses to. They need to know how to measure the security posture of their apps and to make decisions on what changes to make...

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

What’s Wrong with WAFs and How to Hack Them - Part 2

February 07, 2012 Added by:Gary McCully

In attempts to prevent XSS attacks many organizations block or HTML encode special characters (<, >, "). In order to be fair I will admit that this prevents many successful XSS attacks, but at the end of the day many of these web applications are still vulnerable to XSS...

Comments  (0)

959779642e6e758563e80b5d83150a9f

The Valley of Death Between IT and Security

February 03, 2012 Added by:Danny Lieberman

Truly – the essence of security is protecting the people who use a company’s products and services. What utility is there in running 24×7 systems that leak 4 million credit cards or developing embedded medical devices that may kill patients?

Comments  (0)

7e364bbac217114a59e547b354e7f7ad

What’s Wrong with WAFs and How to Hack Them - Part 1

January 31, 2012 Added by:Gary McCully

Many companies that configure web application firewalls do not truly understand the web application attacks they are trying to prevent. Thus, in many cases, we have poorly coded web applications with poorly configured web application firewalls "protecting" them...

Comments  (3)

Page « < 2 - 3 - 4 - 5 - 6 > »