Blog Posts Tagged with "Secure Coding"

C492d23f3758cf5cdee0b35b74cc36f1

Why Companies Fail to Secure Their Web Apps

December 14, 2015 Added by:Ilia Kolochenko

The five things that companies do to make hacking into their websites and web applications even easier for the hackers.

Comments  (0)

219bfe49c4e7e1a3760f307bfecb9954

Can Software Security Requirements Yield Faster Time to Market?

October 17, 2013 Added by:Rohit Sethi

Addressing security requirements while building software is substantially faster than fixing security vulnerabilities later, and since so many organizations end up mandating fixing security defects, preventing those defects up-front yields faster time-to-market.

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Power to the People and the Coming AppSec Revolution

January 24, 2013 Added by:Fergal Glynn

It used to be that you could call for more secure software from individual vendors – and Microsoft heeded that call with its push for trustworthy computing in 2002 – but today we’re more dependent on software and more interconnected than ever. We rise and fall by the security of our associates...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Automation, Dog Food and a Security State of Mind

January 20, 2013 Added by:Fergal Glynn

As a developer, I don’t focus on is security. I usually get the security correct, but my main goal is making all the parts work together well. And that’s true of most developers most of the time...

Comments  (0)

44a2e0804995faf8d2e3b084a1e2db1d

The Value of Secure Coding Procedures

January 09, 2013 Added by:Don Eijndhoven

I recently had a very interesting conversation with Dave Hyman of Checkmarx, who asked me how I saw the future of cyber security (or information security, take your pick). Now, as I’m sure you´ll agree with me, that’s a fairly abstract question that can go a lot of ways. My friends will confirm that I enjoy waxing philosophical discussions like that, but given what Checkmarx does with code se...

Comments  (0)

Af9c34417f8e5e0d240850bb353b5d40

Security is Inconvenient, Deal With It!

December 17, 2012 Added by:Keith Mendoza

ZD Net had an article entitled "Kernel vulnerability places Samsung devices at risk" and I thought "so, what's new" until I followed the link to the forum post on xda-developers. Then I just lost it because I'm certain that this is a result of plain and simple laziness...

Comments  (2)

0a8cae998f9c51e3b3c0ccbaddf521aa

Java in the Cross-Hairs of Enterprise Security

September 26, 2012 Added by:Rafal Los

Enterprises seem to have a love-hate relationship with Java. It's a client we aren't thrilled with, but when it comes to cross-platform use there aren't really any other alternatives. If you look around you'll find that many of the security platforms are written in what? Java...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Rediscovering Our Way: OWASP AppSec Ireland 2012

September 20, 2012 Added by:Rafal Los

We can't expect the OWASP community to continue forward as a collection of application-security focused professionals without developer outreach, education, and more outreach. Application (and software) security isn't about security people at all, it's about developers...

Comments  (0)

4c1c5119b03285e3f64bd83a8f9dfeec

Preparing Developers for Tomorrow’s Cloudy World

September 17, 2012 Added by:Ben Kepes

"The advent of cloud computing has removed infrastructure as a barrier to rapid and massive scaling of applications. [IaaS and Paas have] made it possible for a developer to create an application one day and have it utilized by hundreds of thousands of users the next..."

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Are Applications and Services on the Public Cloud Secure?

September 15, 2012 Added by:Rafal Los

Any application that was built to be secured independently of the environment will do as well in a public cloud as it did in your private data center. If you build the application to be low-risk independent of your environmental controls you shouldn't have to worry where it lives...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

The SDLC Knowledge Gap in Motion: DevOps to the Rescue?

September 12, 2012 Added by:Rafal Los

I can't tell you the fun things we found in this pre-production environment when we started digging around during security testing. No, really, I can't tell you, but rest assured it didn't end with misconfigurations, or accidental code bits being included...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Which Application Testing is Right for Your Organization?

August 23, 2012 Added by:Brent Huston

Billions of dollars and millions of identities are at stake every day. In the past, security professionals thought firewalls, Secure Sockets Layer, patching, and privacy policies were enough to protect websites from hackers. Today, we know better. Whatever your industry — you should have consistent testing...

Comments  (0)

3e35900ae6facc6c146a85c435c71d82

The Seven Qualities of Highly Secure Software

August 23, 2012 Added by:Ben Rothke

Behind nearly every vulnerability is poorly written software. The 7 Qualities of Highly Secure Software highlights qualities that are essential to stop insecure code. This is a highly valuable book that can be of significant use to every stakeholder, from those in the boardroom to the head of application development...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Buggy out the Door: Externally Discovered Defects (EDD)

August 15, 2012 Added by:Rafal Los

What if 25% of your bugs actually ARE discovered by your customers? There is a collision of a few things here that makes this matter a lot less simple than we'd like, and a lot less convenient if you think you have a solution to the problem, but in the end it is a problem...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Unsafe at Any Speed: Enterprises Misunderstand Software Quality

August 13, 2012 Added by:Rafal Los

I had a hard time believing that "going faster" could be more secure. It was difficult to wrap my brain around how deploying code in more rapid succession could mean that the code deployed could actually be safer... but I believe that to be true now. The one caveat here is "if it's done right"...

Comments  (0)

812d096e189ecbac061ebfe343f91e1e

To “Open Source” or “Not to Open Source”

July 27, 2012 Added by:Andrew Sanicola

Many open source products have add-ons, extensions, plug-ins etc. which make them attractive. While the core application itself is mostly secure, it is these extensions and plug-ins contributed by many diverse developers and organizations that introduce vulnerabilities into the open source product as a whole...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »