Home > Security News > Software still plagued with security holes, researcher says
Security News:
EMAIL THIS

Software still plagued with security holes, researcher says

By Neil Roiter, Senior Technology Editor, Information Security magazine
30 Jun 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Greg Hoglund, a noted security researcher and author who specializes in Windows rootkits and secure coding, explains why software is just as vulnerable today as it was in 1999. Hoglund is CEO of HBGary, a security risk assessment firm based in El Dorado Hills, Calif. Hoglund is a highly regarded expert on software application security and the malware used to exploit it. He created and documented the first Windows NT-based rootkit.

  Greg Hoglund on secure coding: 

  Program Links: 

  • Gary McGraw on secure software development: In this video, Gary McGraw of Cigital Inc. explains why better secure coding could help thwart future Web 2.0 attacks. He says the industry is making progress.

  • Tech vendors team up for secure software development: A new group of technology vendors, including Microsoft and Symantec, are joining together to raise awareness about the need for more secure code.

  • Report: Companies still stumped by PCI DSS: A VeriSign review of PCI Data Security Standard (PCI DSS) assessments it conducted found that more than half were still stumbling on the path to compliance.

  • Group releases Java standards for secure development: The Secure Programming Council is releasing a set of essential skills for Java developers in an effort to improve software security and educate new programmers.

  • Information Security podcasts: Visit SearchSecurity's podcast archive.



    Tags: Software Development MethodologyApplication Attacks (Buffer Overflows, Cross-Site Scripting)Malware, Viruses, Trojans and SpywareVIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



    RELATED CONTENT
    Software Development Methodology
    Quiz: How to build secure applications
    How to detect software tampering
    Developers Need Help with Security Errors
    Does an EULA make it truly illegal to decompile software?
    SQL injection continues to trouble firms, lead to breaches
    IBM acquires Ounce Labs for source code analysis
    Microsoft issues emergency Active Template Library updates
    Software security threats and employee awareness training
    Adobe patches ColdFusion vulnerability blocking website attack
    nCircle statistics show rising Web application vulnerabilities

    Application Attacks (Buffer Overflows, Cross-Site Scripting)
    Quiz: How to build secure applications
    Black box and white box testing: Which is best?
    Adobe warns of critical update for Reader, Acrobat 9.1.3
    9 Ways to Improve Application Security After an Incident
    Developers Need Help with Security Errors
    Buffer overflow tutorial: How to find vulnerabilities, prevent attacks
    SQL injection protection: A guide on how to prevent and stop attacks
    Experts rebuke programmers who use SQL injection as feature
    SANS: Application threats, website flaws pose biggest security threats
    Mozilla helps Adobe push out faster patches
    Application Attacks (Buffer Overflows, Cross-Site Scripting) Research

    Malware, Viruses, Trojans and Spyware
    Increase in Gumblar backdoors poses FTP credential problems
    Hackers to sharpen malware, malicious software in 2010
    iPhone worm Rickrolls jailbroken phones
    Israeli Mossad add Trojan Horse to Syrian laptop
    Schneier-Ranum Face-Off: Is antivirus dead?
    Modern malware, stealthy botnets, adapt quickly, expert says
    Computer worm infections up, scareware antivirus down, Microsoft says
    Web-based attacks skyrocket, pirating sites surge, security firms say
    Mini guide: How to remove and prevent Trojans, malware and spyware
    Kaspersky system analyzes malicious URLs on Twitter for malware

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    bypass  (SearchSecurity.com)
    Common Weakness Enumeration  (SearchSecurity.com)
    debugging  (SearchSoftwareQuality.com)
    fuzz testing  (SearchSecurity.com)
    heuristics  (SearchSoftwareQuality.com)
    sandbox  (SearchSecurity.com)
    threat modeling  (SearchSecurity.com)
    trigraph  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    • More Tips to Secure Your Network
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts