BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

Five key trends jolting software security in 2013

Column: Gary McGraw says five shifts in the IT landscape are affecting software security, but several BSIMM best practices can limit risk exposure.
Why can't I just ignore internal app security threats?

Securing internal applications requires the same due diligence as their Web-facing counterparts. Expert Michael Cobb explains why.
How many revisions make for good code review?

Expert Michael Cobb details how to argue for a multistep secure code review process like the Microsoft SDL, and the pros of secure coding practices.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What software development practices prevent input validation attacks?

Improper input validation leads to numerous kinds of attacks, including cross-site scripting, SQL injection and command injection. In this expert Q&A, Michael Cobb reviews the most important application development practices. Ask the Expert
Can fuzzing identify cross-site scripting (XSS) vulnerabilities?

Fuzzing may find weaknesses in software, but the testing process can't find every flaw. Ed Skoudis explains what other tools are necessary when looking for cross-site scripting vulnerabilities. Ask the Expert
Can dynamic and static verification secure a platform?

The best software testing approach is to use a combination of static and dynamic verification tools that continually check for technical and logical vulnerabilities during the development cycle. Expert Michael Cobb examines each testing procedure in ... Ask the Expert
Should third-party software tools be used to customize applications?

Many features and functions required for today's network-ready applications can be purchased at a fraction of the cost that it would take to build them independently. But are they safe enough? Application security expert Michael Cobb explains. Ask the Expert
Should fuzzing be part of the secure software development process?

Fuzzing, a common software-testing method, should not be your only vulnerability assessment technique. In this SearchSecurity.com Q&A, Michael Cobb reviews how passing a fuzz test does not always mean that a program is bug-free. Ask the Expert
Java programming resources

Find Java-specific resources here. Ask the Expert
Can we sue Microsoft for writing years of horrible code?

Ask the Expert
How do we protect development code from being stolen over the Internet?

Ask the Expert
Training for quality assurance

Ask the Expert
Educational growth in security industry for developer

Ask the Expert

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites