-
Geekonomics: The Real Cost of Insecure Software
In Chapter 1 of his new book, "Geekonomics: The Real Cost of Insecure Software," David Rice examines why software manufacturers continue to produce (and consumers continue to purchase) unreliable and insecure software. Book Chapter
-
Cross-build injection attacks: Keeping an eye on Web applications' open source components
Web application developers' growing dependence on open source components has opened the door for attackers to insert malicious code into applications even as they are being built. Michael Cobb explores the emerging attack method called cross-build in... Tip
-
Group releases Java standards for secure development
The Secure Programming Council is releasing a set of essential skills for Java developers in an effort to improve software security and educate new programmers. Article
-
Watchfire releases scanner update under IBM umbrella
Watchfire is adding features to its AppScan software in the first update to its flagship product since being acquired by IBM in June. Article
-
CSI 2007: Developers need Web application security assistance
It's unrealistic to expect Web application developers to become security pros, but industry experts say there are ways to help them create code with fewer problems. Article
-
Tech vendors team up for secure software development
A new group of technology vendors, including Microsoft and Symantec, is joining together to raise awareness about the need for more secure code. Article
-
Can fuzzing identify cross-site scripting (XSS) vulnerabilities?
Fuzzing may find weaknesses in software, but the testing process can't find every flaw. Ed Skoudis explains what other tools are necessary when looking for cross-site scripting vulnerabilities. Ask the Expert
-
Automated app scanners simplify security
Application scanning tool vendors are growing in popularity, driven by the increasing need to discover exploitable holes in static and dynamic Web code. Article
-
How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities
For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how th... Tip
-
Will new Sulley framework take fuzzing to next level?
Pedram Amini, head of TippingPoint's security research group, has been busy with Aaron Portnoy, touting a new tool for functional protocol testing (also known as "black-box testing" or "fuzzing"). He co-wrote the recently released book "Fuzzing: Bru... Interview