Blog Posts Tagged with "Software Security Assurance"

Software Security Assurance - Getting the Formula Right

August 27, 2011 Added by: Rafal Los

Security professionals need to ensure that we're doing what's right for the developers who will be building more secure software, rather than us security professionals who are adept at bolting on security bits. That's the big revelation here, but of course, only if you believe me...

Comments  (0)

Software Security for the Cloud - Same Pig, Shiny Lipstick

August 03, 2011 Added by: Rafal Los

The bottom line here is this - migrating to a cloud architecture doesn't magically make your applications secure... although for many SMBs this is a better option than trying to tackle this problem alone. Let's talk this through...

Comments  (0)

Business Relevant Infosec - The Top and Bottom Lines

July 24, 2011 Added by: Rafal Los

Security isn't somehow disconnected from the business... it's part of the business. When we fail to see that, to acknowledge that, then we lose - and by we I mean the entire community, the organization and you too...

Comments  (0)

Wizard-Driven Software Security Testing

July 06, 2011 Added by: Rafal Los

The technology available today for testing your applications is quite complex, but many folks simply want to push the "magic security button" and get fast, accurate results. That's simply impossible, but the requirements continue to demonstrate this want. So what do we do?

Comments  (0)

Thoughts on Software Security Assurance from a Like Mind

June 10, 2011 Added by: Rafal Los

Being able to tie exploitable issues in a running application to source code is the Holy Grail of security testing... but it's unlikely you'll get good adoption and success if you're trying to hand a bunch of developers black-box security testing technology...

Comments  (0)

The Most Important Security Question Ever Asked

June 01, 2011 Added by: Rafal Los

I've been learning a lot lately from one of my senior colleagues who's been doing this software security assurance thing much longer than I have, and the more time I spend with him the more I understand that it all comes down to one very simple question: Why?

Comments  (5)

Prescriptive Software Security Assurance for SMBs

May 25, 2011 Added by: Rafal Los

Can you handle the work it would take to ratchet up security on your applications? If you've got more than a dozen applications with more than 5 in the pipeline, you can figure on a single non-dedicated resource being able to handle one application security test per week, tops...

Comments  (0)

Post-Production Application Security Testing

May 17, 2011 Added by: Rafal Los

I've spent several meetings in the last few months reminding people that even though they perform security testing and validation of their apps before they deploy they're leaving those apps running, in some cases for years, without looking back in on them. This is a bad thing...

Comments  (0)

Securing Applications at High Velocity

May 11, 2011 Added by: Rafal Los

While the blistering speed of application development and deployment may enable the business to be more agile and responsive to the changing business climate than ever, it creates unparalleled challenges for anyone with security as part of their job description...

Comments  (0)

Supporting "Unmaintainable" Applications

May 08, 2011 Added by: Rafal Los

A solid Software Security Assurance program takes into consideration the legacy risks from all the applications that have existed before a security program came into being. The issues that surround legacy applications are complex, and can create headaches for security teams...

Comments  (0)

Basic Secure Coding Practices for C or C++

May 04, 2011 Added by: Keith Mendoza

Most privilege escalations take advantage of being able to modify the code being executed because the application writes to memory locations past what it allocated. However, if you have a variable that uses up more space than the amount of data, that's extra space for an attacker to use...

Comments  (3)

Critical Keys to Successful Application Security Testing

May 03, 2011 Added by: Rafal Los

Keeping up with the number of applications being released can often lead to more subtle issues. We can all say with relative confidence that just because an application has been tested does not make it secure - and even the best analysts & testers can miss security defects...

Comments  (0)

Data Breach Overload is Killing SSA

April 19, 2011 Added by: Rafal Los

Money and technology alone won't bring us secure software or applications. Many times the idea of spending a large chunk of money on tools alone sounds appealing because someone selling you something says that you should - but I'd like to urge caution...

Comments  (0)

Software Security Assurance in a "One Man Show"

April 15, 2011 Added by: Rafal Los

Down-scaling an enterprise security challenge into a smaller fit is more of a challenge than you'd think, because it's just too easy to say 'outsource it all'... but how does that actually help an organization write more secure software? The answer is that it doesn't...

Comments  (0)

Paying for Risk: The Hidden Dangers of Software Acquisition

April 02, 2011 Added by: Rafal Los

Many organizations forego a Software Security Assurance (SSA) program simply because they don't develop their own software and so are missing the risks of the software or applications they are purchasing - don't get caught with this type of risk...

Comments  (0)

Software Security - Just Over the Horizon

March 31, 2011 Added by: Rafal Los

Things like Cross Site Scripting (XSS), SQL Injection, buffer overflow, access violation, race conditions and other variations are tested for using static analysis, dynamic analysis and some of the forthcoming hybrid technology. As an industry we're getting better at pattern-based security testing...

Comments  (0)
