Blog Posts Tagged with "Secure Coding"

Real-Life Example of a 'Business Logic Defect'

March 13, 2011 Added by: Rafal Los

I wanted to buy more than the site offered me at one given purchase. So I set the hamster loose on the wheel and tried something interesting that should never have worked. This type of vulnerability is a manipulation of application business logic and again, should never, ever work...

The Psychology of 'Secure Code': A Tale of 2 Dev Shops

March 10, 2011 Added by: Rafal Los

Security generally slows down development, adds cost, and increases test time, so it is not seen as a general practice. In fact, the dedicated dev house has an incentive not to have security as a core requirement. Why? Simple - they want to churn out code/projects faster...

Learn a Scripting Language to Make Security Work Easier

March 07, 2011 Added by: Brent Huston

Understanding programming logic basics is a huge plus for security folks who might have a more network/systems-centric background. It will help you understand a lot more about how applications work in your environment and how to best interact with them in ways to protect them...

Implementing Complex Systems for Testing Application Logic

March 07, 2011 Added by: Rafal Los

Creating a system or a testing framework that can appropriately enable a previously entirely manual process is tricky, and while fully automating the finding of logic flaws may still be beyond our reach, the research and ideas presented herein are steps forward in that direction...

Secure Coding and Application Vulnerability Scanning

November 08, 2010 Added by: PCI Guru

There is a lot of confusion regarding the secure coding standards and application vulnerability scanning requirements, PCI DSS requirements 6.5 and 6.6. First, let us talk about the intent of these requirements. The overall intent of both is to stop insecure applications from being placed in production...
