-
RSA Conference 2006
Can't make it to RSA 2006? Check out our continuous coverage from the show floor. Conference Coverage
-
Architectural Risk Analysis: Traditional Risk Analysis Terminology
Book Chapter
- See More: Essential Knowledge on Secure Coding and Application Programming
-
Web application vulnerability statistics show security losing ground
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks. News | 08 Feb 2012
-
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. News | 03 Feb 2012
-
Comet hit with lawsuit for alleged Microsoft Windows piracy
Microsoft is suing Comet, alleging the electronics retailer sold counterfeit Windows backup discs, but Comet claims it was just good customer service. News | 04 Jan 2012
-
Secure coding techniques absent from eight in 10 Web applications
Veracode’s latest State of Software Security Report showed secure coding techniques are absent from most Web applications. Android apps fared badly, too. News | 07 Dec 2011
-
Car rental firm cruises past IE6 security issues
IE6 is plagued with security flaws, yet upgrading can stymie some applications. Avis is piloting a product it believes resolves IE6 security issues. News | 11 Nov 2011
-
(ISC)2 promotes secure SDLC with 1000th CSSLP
(ISC)2 wants its CSSLP certification, focusing on secure software development, to help augment enterprises' secure SDLC programs. News | 07 Nov 2011
-
Data shows many applications still contain OWASP Top 10 flaws
A recent study finds application security in a dismal state, with more than 80% of Web apps containing errors on the OWASP Top 10 list. News | 19 Apr 2011
-
Study puts a price on software code security assurance management
A recent study by Fortify Software Inc. and Mainstay Partners LLC reveals that having secure code is cheaper than having insecure code, and the numbers prove it. Article | 15 Oct 2010
-
Following Stuxnet Trojan, NERC security chief calls for rugged software
The Stuxnet malware has highlighted the need for software with fewer defects and is an "indictment on the IT business in general," according to the security chief at NERC. Article | 11 Oct 2010
-
Study: IT often fails to meet secure software development requirements
In a recent study conducted by Veracode Inc., more than half of the systems tested failed to meet secure software development standards propagated by bodies such as OWASP and SANS. Article | 24 Sep 2010
- See More: News on Secure Coding and Application Programming
-
Using Burp Suite proxy tool to examine client-side requests
The free Burp Suite proxy tool can be used for good or for bad. Expert Rob Shapland provides usage scenarios for both. Tip
-
Outsourcing security issues: Managing outsourced software development
Learn the most important outsourcing security issues to cover in partner contracts and SLAs when outsourcing software development. Tip
-
Web application security guidelines for developers
The best way to mitigate Web app flaws is to prevent them in the first place. Learn how with these Web application security guidelines for developers. Tip
-
PHP MVC framework tutorial: Learn Web application development security
Get tips on writing secure PHP Web apps from the start with these pointers from expert Michael Cobb. Tip
-
Secure software development lifecycle: An approach for SMBs
Small businesses that lack the resources to implement the full MSDL can use its basic tenets to provide more secure software development. Tip
-
Creating a Java security framework that thwarts a Java exploit
The number of attacks on Java is steadily increasing, and many enterprises are unprepared for the threat. Get advice on how to lock down Java from expert Nick Lewis. Tip
-
SAP security tutorial: Top 10 SAP security implementation steps
Implementing SAP software securely isn't only the job of SAP specialists; the entire IT department has a role to play. Learn the top ten steps to a secure SAP implementation. Tip
-
Preventing and detecting security vulnerabilities in Web applications
Web applications are often developed quickly with little thought to security. Expert Richard Brain explains how to detect common Web app flaws. Tip
-
Using resource allocation management to prevent DoS and other attacks
Resource allocation management is an effective way to prevent denial-of-service (DoS) and other attacks. Find out how to allocate resources in order to increase the security of your organisation. Tip
-
Improving software with the Building Security in Maturity Model (BSIMM)
Learn about the Building Security in Maturity Model (BSIMM), a software security framework that emphasizes attack models, software security testing, code review and compliance policies. Also, does your company have a software security group (SSG)? Tip
- See More: Tips on Secure Coding and Application Programming
-
Dynamic code analysis vs. static analysis source code testing
Managing vulnerabilities involves a wide array of security testing, including both dynamic and static source code analysis. Learn how the two differ, as well as how they are performed in this expert response. Ask the Expert
-
How to prevent Adobe hacks from affecting your organisation
In this expert response, find out why Adobe has been an enticing target for PDF attacks recently. Ask the Expert
-
Can fuzzing identify cross-site scripting (XSS) vulnerabilities effectively?
Fuzzing may find weaknesses in software, but the testing process can't find every flaw. Ed Skoudis explains what other tools are necessary when looking for cross-site scripting vulnerabilities. Ask the Expert
-
Has cross-site scripting evolved?
It's astounding what is being done with browser scripts these days. In this expert Q&A, Ed Skoudis explains how today's cross-site scripting attacks are a far cry from those of a decade ago. Ask the Expert
-
Can dynamic and static verification secure a platform?
The best software testing approach is to use a combination of static and dynamic verification tools that continually check for technical and logical vulnerabilities during the development cycle. Expert Michael Cobb examines each testing procedure in ... Ask the Expert
-
Should third-party software tools be used to customize applications?
Many features and functions required for today's network-ready applications can be purchased at a fraction of the cost that it would take to build them independently. But are they safe enough? Application security expert Michael Cobb explains. Ask the Expert
-
Should fuzzing be part of the secure software development process?
Fuzzing, a common software-testing method, should not be your only vulnerability assessment technique. In this SearchSecurity.com Q&A, Michael Cobb reviews how passing a fuzz test does not always mean that a program is bug-free. Ask the Expert
-
Web application firewall: Protection against most security vulnerabilities?
Hugh Thompson, founder and chief security strategist at People Security, reviews why WAFs alone are not strong enough to tackle today's Web application threats. Video
-
CISSP Essentials training: Domain 6, Application and System Development
In this CISSP Essentials video, Domain 6, Application and System Development, expert CISSP exam trainer Shon Harris details how applications and systems are structured. Video
-
The future of exploit vulnerability research
At Information Security Decisions 2008, security researchers discuss the most vulnerable network points and the future of the SDLC. Video
- See More: All on Secure Coding and Application Programming
About Secure Coding and Application Programming
Discover useful information from the pros on secure coding and application programming. Get tips on how to build your company's application security structure by developing secure coding and application programming standards and guidelines.