-
Is it safe to use third-party code when developing database applications?
Michael Cobb explains how you can safely use third-party code, such as DLLs, when developing database applications. Ask the Expert
-
Static analysis tools boost security, but integration still an issue
Code analysis tools are available and help improve security, but why do some firms shun them? Article
-
Secure software development is difficult, but tools, techniques improving, expert says
The SANS Institute and MITRE Corp. issued an update to the CWE/SANS Top 25 Programming Errors List last week, focusing on mitigation techniques that could be adopted into the security development lifecycle to he... Interview
-
SANS Institute, MITRE release new top 25 dangerous coding errors list
The latest list adds profiles to help organizations tailor the list to their needs and mitigation techniques to help software developers apply better practices to the SDL. Article
-
Securing naming and directory services for application defense-in-depth
There are several aspects of naming and directory services when it comes to security. In this tip, part of the SearchSecurity.com Application Security School lesson, learn how to secure LDAP, as well as how application security teams can work with in... Tip
-
Improving software with the Building Security in Maturity Model (BSIMM)
Learn about the Building Security in Maturity Model (BSIMM), a software security framework that emphasizes attack models, software security testing, code review and compliance policies. Also, does your company have a software security group (SSG)? Tip
-
Tips for writing secure SQL database code
Writing secure code is always a challenge, but it is particularly necessary for SQL databases that would otherwise be vulnerable to SQL injection attacks. Get tips on how to write secure SQL database code in this expert response. Ask the Expert
-
Microsoft extends SDL program, adds Agile development template
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced. Article
-
Malware in Google attacks uses spaghetti code
Coding technique designed to tie up reverse engineers has been used in the past, Symantec says. News
-
Self-defending Web applications thwart attacks
Michael Coates, a volunteer with OWASP, is leading a project that helps developers inject code into applications to give them self-defense mechanisms. News