Blog Posts Tagged with "Secure Coding"
Real-Life Example of a 'Business Logic Defect'
March 13, 2011 Added by: Rafal Los
I wanted to buy more than the site offered me at one given purchase. So I set the hamster loose on the wheel and tried something interesting that should never have worked. This type of vulnerability is a manipulation of application business logic and again, should never, ever work...
The Psychology of 'Secure Code': A Tale of 2 Dev Shops
March 10, 2011 Added by: Rafal Los
Security generally slows down development, adds cost, and increases test time, so it is not seen as a general practice. In fact, the dedicated dev house has an incentive not to have security as a core requirement. Why? Simple - they want to churn out code/projects faster...
Learn a Scripting Language to Make Security Work Easier
March 07, 2011 Added by: Brent Huston
Understanding programming logic basics is a huge plus for security folks who might have a more network/systems-centric background. It will help you understand a lot more about how applications work in your environment and how to best interact with them in ways to protect them...
Implementing Complex Systems for Testing Application Logic
March 07, 2011 Added by: Rafal Los
Creating a system or a testing framework which can appropriately enable a previously entirely manual process is tricky - and while fully automating the finding of logic flaws may still be beyond our reach, the research and ideas presented herein are steps forward in that direction...
Secure Coding and Application Vulnerability Scanning
November 08, 2010 Added by: PCI Guru
There is a lot of confusion regarding secure coding standards and application vulnerability scanning requirements 6.5 and 6.6. First, let us talk about the intent of these requirements. The overall intent of both of these standards is to stop insecure applications from being placed in production...