Blog Posts Tagged with "Secure Coding"


Tenth Anniversary of Gates Trustworthy Computing Memo

January 27, 2012 Added by:Fergal Glynn

January 15th was the 10th anniversary of Gates' Trustworthy Computing memo. I asked a mixed group of my colleagues at Veracode to answer this question. The group has a wide age range, and comes from many different backgrounds. Some of the answers are really funny. I hope you enjoy...

Comments  (0)


Windows Phone Application Analyzer v1.0 Released

January 20, 2012 Added by:Security Ninja

I developed and would like to introduce the Windows Phone App Analyzer. The Windows Phone App Analyser is similar to the static analysis tab in Agnitio. If you browse to any C# .cs files and click scan you will see the keyword highlighting that you might be familiar with from Agnitio...

Comments  (0)


Government Cyber Strategy Directs Billions for R and D

December 19, 2011 Added by:Headlines

"When we look at the plan itself, it represents our visions for the research necessary to develop game changing technologies that can help neutralize today's cyber attacks and build an infrastructure to secure our systems from what may come in the future..."

Comments  (0)


Top Ten Mistakes Made By Linux Developers

December 11, 2011 Added by:Danny Lieberman

My colleague, Dr. Joel Isaacson, talks about the top ten mistakes made by Linux developers. It’s a great article and great read from one of the top embedded Linux programmers in the world...

Comments  (0)


Free From Defect Software License

November 22, 2011 Added by:Keith Mendoza

This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put to produce software that is free of defect from workmanship? How will you go about making sure?

Comments  (2)


The CERT Oracle Secure Coding Standard for Java

October 18, 2011 Added by:Ben Rothke

The CERT Oracle Secure Coding Standard for Java is an invaluable guide that provides the reader with the strong coding guidelines and practices in order to reduce coding vulnerabilities that can lead to Java and Oracle exploits...

Comments  (0)


Scanning Applications Faster - A Chicken vs. Egg Problem

October 09, 2011 Added by:Rafal Los

We need to shift the security culture from "find bugs" to "fix bugs" or else we're in deep, deep trouble. Don't get me wrong, once the software industry has figured out how to write secure software by design, then we can worry about demanding bigger, better, faster scanning automation...

Comments  (0)


Software Security Assurance - Getting the Formula Right

August 27, 2011 Added by:Rafal Los

Security professionals need to ensure that we're doing what's right for the developers who will be building more secure software, rather than us security professionals who are adept at bolting on security bits. That's the big revelation here, but of course, only if you believe me...

Comments  (0)


Software Security Degree Programs

July 17, 2011 Added by:Bozidar Spirovski

More institutions are providing programs and degrees focused on the security aspect of information technology than ever before. Part of the reason for this is the significant projected increase in the number of jobs available in the field...

Comments  (1)


Mitigating Injection Attacks

July 07, 2011 Added by:kapil assudani

The developer's job gets easier since if he/she is working on an independent code that is a module for the master code, the variable type is identified and hence corresponding input validation / output encoding technique automatically gets applied through the framework...

Comments  (0)


Thoughts on Software Security Assurance from a Like Mind

June 10, 2011 Added by:Rafal Los

Being able to tie exploitable issues in a running application to source code is the Holy Grail of security testing... but it's unlikely you'll get good adoption and success if you're trying to hand a bunch of developers black-box security testing technology...

Comments  (0)


Proposal for an All-or-Nothing Secure Software Standard

May 10, 2011 Added by:Keith Mendoza

Secure software standards should be all-or-nothing. Either the software--and all of its dependencies--are compliant, or the software is not compliant. Not owning the library, or database, will not be an excuse for not meeting the standards...

Comments  (4)


Basic Secure Coding Practices for C or C++

May 04, 2011 Added by:Keith Mendoza

Most privilege escalations take advantage of being able to modify the code being executed because the application writes to memory locations past what it allocated. However, if you have a variable that uses up more space than the amount of data, that's extra space for an attacker to use...

Comments  (3)


Majority of Web Apps Deployed with Security Flaws

April 26, 2011 Added by:Headlines

Veracode analyzed nearly five-thousand applications submitted to its cloud-based testing service over the period of eighteen months and found that more than half of the software had some sort of significant security flaw. "Software remains fundamentally flawed," the report states...

Comments  (0)


Web Application Security: Can Developers Learn Secure Coding?

April 25, 2011 Added by:kapil assudani

With a secure coding skillset missing from their primary job responsibility, and no enterprise process that introduces/enforces a secure coding process, there are really no incentives for developers to go the extra mile of introducing security into their code...

Comments  (0)


Secure Coding: Missing the Goal

March 29, 2011 Added by:Andy Willingham

If we continue to allow poor coding practices then we will always be behind the curve and playing catch-up with the hackers. I know code will always have errors and vulnerabilities in it just as infrastructure and other areas where we implement protections will always have their shortcomings...

Comments  (1)
