-
Schneier-Ranum Face-Off on the dangers of a software monoculture
Security experts Bruce Schneier and Marcus Ranum debate the impact of a software monoculture on computer security. Feature
-
Threat assessment model: Testing open source software for security
To mitigate the risks of using open source software, Yoav Aner and Carlos Cid propose a new threat modelling method for testing the security of open source software. Royal Holloway eBook Series
-
How to tackle a buffer overflow attack and avoid vulnerabilities
Despite the research and learned papers on the subject, buffer overflow exploits seem to be as popular – and as successful – as ever. Royal Holloway eBook Series
-
2009 Royal Holloway University of London MSc thesis series
Read a group of information security articles -- from the highly technical to the basic -- authored by recent MSc graduates of Royal Holloway University of London (RHUL). Royal Holloway eBook Series
-
How valuable is security vulnerability research?
Bruce Schneier and Marcus Ranum debate the ethics of vulnerability research. Face-off
-
Security market consolidation: Plague or progress?
Bruce Schneier and Marcus Ranum debate the impact of market consolidation on information security. Face-off
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
-
The Art of Software Security Testing
Read an excerpt from the book, The Art of Software Security Testing: Identifying Software Security Flaws. In Chapter 11, "Local Fault Injection," the authors explain the proper methods for examining file formats. chapter excerpt
-
Attacks targeted to specific applications
This is the fourth tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage," pu... Book Chapter
-
PING with Aviel Rubin
In this exclusive interview with Information Security magazine, Aviel Rubin, author of "Brave New Ballot", examines security problems in e-voting machines and details why it isn't just a cause for concern, it's a matter of national security. Information Security magazine
- See more Essential Knowledge on Secure Coding and Application Programming
-
Windows security case study: Controlling Windows 7 user privileges
After migrating from Windows XP to Windows 7, Oxford University Press used Avecto’s Privilege Guard to control Windows 7 user privileges. News | 24 Feb 2012
-
Web application vulnerability statistics show security losing ground
New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks. News | 08 Feb 2012
-
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. News | 03 Feb 2012
-
Comet hit with lawsuit for alleged Microsoft Windows piracy
Microsoft is suing Comet, alleging the electronics retailer sold counterfeit Windows backup discs, but Comet claims it was just good customer service. News | 04 Jan 2012
-
Secure coding techniques absent from eight in 10 Web applications
Veracode’s latest State of Software Security Report showed secure coding techniques are absent from most Web applications. Android apps fared badly, too. News | 07 Dec 2011
-
Car rental firm cruises past IE6 security issues
IE6 is plagued with security flaws, yet upgrading can stymie some applications. Avis is piloting a product it believes resolves IE6 security issues. News | 11 Nov 2011
-
(ISC)2 promotes secure SDLC with 1000th CSSLP
(ISC)2 wants its CSSLP certification, focusing on secure software development, to help augment enterprises' secure SDLC programs. News | 07 Nov 2011
-
Data shows many applications still contain OWASP Top 10 flaws
A recent study finds application security in a dismal state, with more than 80% of Web apps containing errors on the OWASP Top 10 list. News | 19 Apr 2011
-
Study puts a price on software code security assurance management
A recent study by Fortify Software Inc. and Mainstay Partners LLC reveals that having secure code is cheaper than having insecure code, and the numbers prove it. Article | 15 Oct 2010
-
Following Stuxnet Trojan, NERC security chief calls for rugged software
The Stuxnet malware has highlighted the need for software with fewer defects and is an "indictment on the IT business in general," according to the security chief at NERC. Article | 11 Oct 2010
- See more News on Secure Coding and Application Programming
-
Securing NoSQL applications: Best practices for big data security
NoSQL is great for big data, but security is often lacking in NoSQL applications. Davey Winder provides best practices for NoSQL security. Tip
-
Building a secure website and maintaining good website design
As a new website is developed, security goals often lose out to design aspirations. Learn how to keep security at the top of the priority list. Tip
-
A compliance strategy for the controversial cookie opt-in regulation
Businesses face many concerns with the PECR cookie law. Compliance expert Alan Calder offers a compliance strategy for the cookie opt-in regulation. Tip
-
Using Burp Suite proxy tool to examine client-side requests
The free Burp Suite proxy tool can be used for good or for bad. Expert Rob Shapland provides usage scenarios for both. Tip
-
Outsourcing security issues: Managing outsourced software development
Learn the most important outsourcing security issues to cover in partner contracts and SLAs when outsourcing software development. Tip
-
Web application security guidelines for developers
The best way to mitigate Web app flaws is to prevent them in the first place. Learn how with these Web application security guidelines for developers. Tip
-
PHP MVC framework tutorial: Learn Web application development security
Get tips on writing secure PHP Web apps from the start with these pointers from expert Michael Cobb. Tip
-
Secure software development lifecycle: An approach for SMBs
Small businesses that lack the resources to implement the full MSDL can use its basic tenets to provide more secure software development. Tip
-
Creating a Java security framework that thwarts a Java exploit
The number of attacks on Java is steadily increasing, and many enterprises are unprepared for the threat. Get advice on how to lock down Java from expert Nick Lewis. Tip
-
SAP security tutorial: Top 10 SAP security implementation steps
Implementing SAP software securely isn't only the job of SAP specialists; the entire IT department has a role to play. Learn the top ten steps to a secure SAP implementation. Tip
- See more Tips on Secure Coding and Application Programming
-
Session fixation protection: How to stop session fixation attacks
Session fixation attacks rely on poorly managed Web application cookies. Rob Shapland answers a reader’s question on session fixation protection. Ask the Expert
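The teaser above names the root cause of session fixation but not the mechanics. The following is an added, constructed example (not code from the article or from any framework) that models the attack against an in-memory session store and shows the fix: the server never adopts an id it did not issue, and it rotates the id when the user authenticates. The `SessionStore` class, its `rotate_on_login` flag and the `run_fixation_attack` helper are all assumptions made for this illustration.

```python
"""Session fixation: vulnerable and hardened session handling side by side.
Constructed example with an in-memory session store; not code from any framework."""
import secrets


class SessionStore:
    """Minimal server-side session store keyed by the session-id cookie value."""

    def __init__(self, rotate_on_login):
        self.sessions = {}              # sid -> {"user": str | None}
        self.rotate_on_login = rotate_on_login

    def new_session(self):
        """Issue a fresh, unguessable id. Ids are server-generated, never client-chosen."""
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def resolve(self, cookie_sid):
        """Map the request's cookie to a session. An unknown id is NOT adopted as a
        new session; a fresh id is issued instead, closing the simplest fixation vector
        (attacker sends the victim a cookie value the server has never seen)."""
        if cookie_sid in self.sessions:
            return cookie_sid
        return self.new_session()

    def login(self, cookie_sid, user):
        """Authenticate the session and return the id the response must Set-Cookie.
        The hardened store discards the pre-authentication id and issues a new one, so
        an id that leaked or was planted before login is worthless afterwards."""
        sid = self.resolve(cookie_sid)
        if self.rotate_on_login:
            state = self.sessions.pop(sid)   # invalidate the old id server-side
            sid = self.new_session()
            self.sessions[sid] = state       # carry over pre-login state (cart, locale)
        self.sessions[sid]["user"] = user
        return sid

    def user_for(self, cookie_sid):
        """Who is logged in under this id, or None."""
        return self.sessions.get(cookie_sid, {}).get("user")


def run_fixation_attack(store):
    """Classic session fixation against `store`:
    1. attacker visits the site and receives a valid, unauthenticated id;
    2. attacker plants that id in the victim's browser (crafted link, injected cookie);
    3. victim logs in while carrying the planted cookie;
    4. attacker presents the planted id.
    Returns True if the attacker now holds the victim's authenticated session."""
    planted = store.new_session()                         # step 1
    victim_cookie = planted                               # step 2
    victim_cookie = store.login(victim_cookie, "victim")  # step 3: server's Set-Cookie lands here
    return store.user_for(planted) == "victim"            # step 4


if __name__ == "__main__":
    print("vulnerable store (no rotation), attack succeeds:",
          run_fixation_attack(SessionStore(rotate_on_login=False)))
    print("hardened store (rotate on login), attack succeeds:",
          run_fixation_attack(SessionStore(rotate_on_login=True)))
```

Rotation belongs at every privilege change (login, step-up authentication, role switch), not only at login, and the cookie itself should still carry `HttpOnly`, `Secure` and a `SameSite` attribute so that a planted or stolen id is harder to set or read from script in the first place.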
-
Dynamic code analysis vs. static analysis source code testing
Managing vulnerabilities involves a wide array of security testing, including both dynamic and static source code analysis. Learn how the two differ, as well as how they are performed in this expert response. Ask the Expert
-
How to prevent Adobe hacks from affecting your organisation
In this expert response, find out why Adobe has been an enticing target for PDF attacks recently. Ask the Expert
-
Can fuzzing identify cross-site scripting (XSS) vulnerabilities effectively?
Fuzzing may find weaknesses in software, but the testing process can't find every flaw. Ed Skoudis explains what other tools are necessary when looking for cross-site scripting vulnerabilities. Ask the Expert
-
Has cross-site scripting evolved?
It's astounding what is being done with browser scripts these days. In this expert Q&A, Ed Skoudis explains how today's cross-site scripting attacks are a far cry from those of a decade ago. Ask the Expert
-
Can dynamic and static verification secure a platform?
The best software testing approach is to use a combination of static and dynamic verification tools that continually check for technical and logical vulnerabilities during the development cycle. Expert Michael Cobb examines each testing procedure in ... Ask the Expert
-
Should third-party software tools be used to customize applications?
Many features and functions required for today's network-ready applications can be purchased at a fraction of the cost that it would take to build them independently. But are they safe enough? Application security expert Michael Cobb explains. Ask the Expert
-
Should fuzzing be part of the secure software development process?
Fuzzing, a common software-testing method, should not be your only vulnerability assessment technique. In this SearchSecurity.com Q&A, Michael Cobb reviews how passing a fuzz test does not always mean that a program is bug-free. Ask the Expert
-
Survey roundup: Trends in IT security topics
Surveys on a variety of IT security topics highlighted key trends in Web application vulnerabilities, cloud computing concerns and the motivations behind attacks. Photo Story
-
Web application firewall: Protection against most security vulnerabilities?
Hugh Thompson, founder and chief security strategist at People Security, reviews why WAFs alone are not strong enough to tackle today's Web application threats. Video
-
CISSP Essentials training: Domain 6, Application and System Development
In this CISSP Essentials video, Domain 6, Application and System Development, expert CISSP exam trainer Shon Harris details how applications and systems are structured. Video
-
The future of exploit vulnerability research
At Information Security Decisions 2008, security researchers discuss the most vulnerable network points and the future of the SDLC. Video
About Secure Coding and Application Programming
Discover useful information from the pros on secure coding and application programming. Get tips on how to build your company's application security structure by developing secure coding and application programming standards and guidelines.