Blog Posts Tagged with "Software Security Assurance"

0a8cae998f9c51e3b3c0ccbaddf521aa

Why Does Software Security Keep Falling off your Budget?

May 22, 2012 Added by:Rafal Los

Approximately 3 out of 4 attacks against your enterprise or organization come at your applications. Whether it's at your website, at the mobile app you've deployed, or your enterprise API - you're being attacked where the lowest defenses are - the application...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Software Security: A Chief Financial Officer’s Perspective

May 15, 2012 Added by:Fergal Glynn

Surprise, you woke up today and found that 10% of the value of your company is gone because confidential customer information was made public. The FTC is knocking on your door asking for a forensic security audit. Your largest investors are calling about the scope of the breach...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Making Things Worse by Asking all the Wrong Questions

May 14, 2012 Added by:Rafal Los

Blaming OWASP and developers for not adopting secure coding is silly. Uuntil the business cares about security, and developers have an incentive to write more secure code, tools and simple to use transparent technologies like that which OWASP provides won't get utilized...

Comments  (2)

68b48711426f3b082ab24e5746a66b36

Cybersecurity Risks in Public Companies: An Infographic

May 07, 2012 Added by:Fergal Glynn

Following new SEC guidance issued relating to disclosure of security risks in company filings, public companies are beginning to be measured by regulators and investors on the strength of their security solution and ability to protect intellectual property and customer data...

Comments  (1)

68b48711426f3b082ab24e5746a66b36

What’s Going Right with Your Secure Development Efforts?

May 04, 2012 Added by:Fergal Glynn

Security professionals place developer’s code under a microscope and highlight each and every flaw, so you can appreciate why there may be some tension. Testing of code only offers assessments of what they did wrong. Can we apply a different lens while having this conversation?

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Guide to the OWASP Application Security Top Ten

May 01, 2012 Added by:Fergal Glynn

Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security. All of its articles, methodologies and technologies are made available free of charge to the public...

Comments  (0)

E313765e3bec84b2852c1c758f7244b6

Mobile Applications Shouldn’t Roll Their Own Security

May 01, 2012 Added by:Brent Huston

Many of the applications being designed are being done so by scrappy, product oriented developers. This is not a bad thing for innovation - in fact just the opposite - but it can be a bad thing for safety, privacy and security...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

AppSec Mistakes Companies Make and How to Fix Them

April 24, 2012 Added by:Fergal Glynn

We’re pleased to present responses from an array of security experts including Bill Brenner, Andrew Hay, Jack Daniel and Chris Wysopal. Common themes arose, including the idea of taking AppSec more seriously and committing to a programmatic approach vs. ad hoc manual testing...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Reflections on Ten years of Software Security

April 21, 2012 Added by:Rafal Los

Given a finite amount of time to write a piece of software with specified features and functionality the security of that code will always take a back seat. At least for the time being.Let's face it, code breaks in strange ways that it's not always easy to understand...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Open Source Code in the Enterprise - Keys to Avoiding Vulnerabilities

April 18, 2012 Added by:Rafal Los

There is no debate in the open vs. closed source software question. Either can be made well, or poorly. Either open source or closed source can be relatively secure, or riddled with easy-to-exploit holes. We don't need to rehash this, but there appears to be some new data...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Understanding DevOps vs NoOps

April 14, 2012 Added by:Rafal Los

DevOps represents a fundamental shift in how applications are being delivered to the new 'web' via cloud, mobile and other channels. NoOps, as some understand it, effectively spells the end of the formal silos built around development, operations and quality testing teams...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Defining Success for Information Security Through KPIs

March 26, 2012 Added by:Rafal Los

In the world of software development the business just wants to release fast and functional while the security team would prefer slower and more 'secure'. So as security struggles to positively impact risk, I found 5 key performance indicators that bridge the two positions...

Comments  (1)

0a8cae998f9c51e3b3c0ccbaddf521aa

Some Thoughts on Sandboxes

March 22, 2012 Added by:Rafal Los

Developer should be writing good code, period. But when the pace of developing outpaces the ability to do complete software security analysis we see security organizations turning to sandboxing as a method of limiting the damage an exploited piece of code can do...

Comments  (0)

68b48711426f3b082ab24e5746a66b36

Application Security: Why is Everybody Always Picking on Me?

March 19, 2012 Added by:Fergal Glynn

The recent explosion in Mobile application development paints a clear picture of the modern development landscape. Not only in terms of the incredible speed of production, but perhaps more importantly, the widening gap between speed-to-market and software security quality...

Comments  (0)

0a8cae998f9c51e3b3c0ccbaddf521aa

Quantifying Risk Reduction with an Unknown Denominator

March 07, 2012 Added by:Rafal Los

The problem that exists with all these risk reduction measurements is that they're impossible to quantify. There is simply no way to say that by doing X you've reduced risk by Y% - at least not when you don't know the total number of issues that exist. And therein lies the problem...

Comments  (0)

Af9c34417f8e5e0d240850bb353b5d40

Why Less Emphasis On Software Security?

February 23, 2012 Added by:Keith Mendoza

The only real fix for this is a mindset shift. At the minimum, software developers need to code defensively regardless of the scope of the project, because this needs to become a habit. Coding standards should include requirements that all compiler warnings should be resolved...

Comments  (4)

Page « < 1 - 2 - 3 - 4 - 5 > »