Software code review: Code testing to identify vulnerabilities
This article is part of the January 2003 issue of Negative exposure: Web scanners reveal unknown holes
How many people spend thousands of hours developing a software solution, finally getting it to work, and then attempt to break it? Not many, apparently. The software industry is in a state of disarray as hackers continue to get the best of developers, finding vulnerabilities in places where no one remembers to look. Buffer overflows, SQL injection errors and covert channel attacks are just a few of the ways hackers can trip up the unsuspecting developer. And the "point-and-click" world has made these opportunities available to any kid with a computer hooked up to the Internet.

The only way to address this problem is to play by hacker rules and beat them to the punch. In software development, this means attacking your own software: testing for failure. Cenzic offers a tool, Hailstorm, that helps developers build security into their code.

Why Hailstorm? Why go through the hassle and cost of rigorous security testing? Well, for one thing, the argument for securing code is more compelling than the excuses for failing to do so. It makes economic sense. A recent ...
What's Inside
Features
-
Web application security scanners: How effective are they?
by Kelly White & Yong-Gon Chon
How good are Web application scanners at rooting out vulnerabilities? We test two of the leading tools head-to-head to find out.
-
Software code review: Code testing to identify vulnerabilities
New tools ease the burden of building secure code.
-
The declining need of accelerator cards
Cheap, more efficient general-purpose chips are reducing the need for accelerator cards.
-
IT security supports increased federal cybersecurity law, survey finds
by Andrew Briney
IT security supports increased federal cybersecurity law, according to an Information Security survey.
-
Security liability: Who's to blame for a data security breach?
Who's responsible for security breaches? Short answer: everyone.
-
Web-based application infrastructure: Extended connectivity means more risk
Do you know how Web-based application infrastructures are built and used? Learn how in this story.
-
Understanding encryption and cryptography basics
Cryptography doesn't have to be so cryptic. Here's a primer, in plain English, to walk you through the basics.
-
Product review: ForeScout Technologies's ActiveScout 2.5
ForeScout Technologies's ActiveScout 2.5 stops malicious traffic outside the network perimeter, but only under certain conditions.
-
More cybersecurity laws needed for operational IT security
by Andrew Briney
The U.S. has already adopted several cybersecurity laws, but few affect operational IT security.
-
Information security laws: Are they worth it for your organization?
by Andrew Briney
Who wants the government's help? Who wants to be left alone? Are information security laws worth it for your organization?
Columns
-
Defining IT security resolutions
by Andrew Briney
Editor-in-chief Andrew Briney offers five IT security resolutions for the New Year that he hopes the industry takes to heart.
-
Examining infosec hackers of the past and how they affect cybersecurity laws
Learn about hackers who have been caught in the past and how it affects IT.
-
How to harden Windows to improve security
How to harden a Windows box to improve security without impairing functionality.
-
Using routers to improve network firewall security
As businesses expose systems to the Internet, it's important to revisit how routers can act as the "suspenders" to the firewall "belt."
-
Taking action: Understanding the importance of information security
by Jay Heiser, Contributor
The British have a marvelous word, "whinging"--the practice of complaining without doing anything about it. Security practitioners love to "whinge."
-
Understanding the balance between privacy and security
Cooperation, compromise is needed to resolve the growing tension between security and privacy.