BSIMM4: Secure development's measuring stick

BSIMM4: Secure development's measuring stick

The fourth iteration of the Building Security In Maturity Model project is a tool you can use as a measuring stick for software security initiatives.
MORE HIGHLIGHTS

How enterprises should react to OWASP's updated Top 10

Expert Michael Cobb highlights the changes made in the 2013 OWASP Top 10 list, including new vulnerabilities and what they mean for enterprises.
Opinion: Attack those software architecture flaws

Many defects aren't found with code review. Gary McGraw and Jim DelGrosso think architectural risk analysis is a must to uncover software flaws.
How to reduce open source code security risk

Expert Michael Cobb explains why enterprises need better open source code management to negate the security risks posed by open source libraries.

Software Development Methodology

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Enterprise security in 2008: Building trust into the application development process

The Storm botnet, launched a year ago, proved that malicious hackers were developing more sophisticated botnets -- and more sophisticated business strategies. As Michael Cobb explains, it's just one reason why application security pros need to keep a... Tip
Cross-build injection attacks: Keeping an eye on Web applications' open source components

Web application developers' growing dependence on open source components has opened the door for attackers to insert malicious code into applications even as they are being built. Michael Cobb explores the emerging attack method called cross-build in... Tip
How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities

For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how th... Tip
Dynamic code obfuscation: New threat requires innovative defenses

Dynamic code obfuscation used to be a taxing effort, but now even the most junior-level malicious hackers have learned how to effectively hide their code. In this tip, Michael Cobb examines how dynamic code obfuscation works, why it's on the rise and... Tip
Ten dos and don'ts for secure coding

Security practitioners should understand how developers introduce security vulnerabilities into applications and work to support the developers in improving code quality and security. Encouragement and support for improvement must be a fundamental pa... Tip
The methodology of software creation/distribution

Learn what steps companies must follow to ensure the software they create and distribute is secure. Tip
Checklist for building better software

Learn how to reduce the number of security vulnerabilities introduced to software during the development process. Tip
Microsoft tossing money away

In its pursuit of more secure software, Microsoft announces $1 million in grants to support development advances, but it's unlikely to make a difference. Tip
Security issues of using shared code

Security pros need to be aware of code that is being "borrowed" for custom applications. Tip
Mini-tutorial: The Java security model

Mike Chapple takes a look under the hood of Java. Tip

Latest Headlines

Featured

E-Books

E-Zines

E-Handbooks

Topics

Hot Topics

Advice & Tutorials

Technology Dictionary

Tips

Answers

Ask a Question

Research Library

Product Demos

Resource Centers

Blogs

MORE HIGHLIGHTS

Software Development Methodology

Email Alerts

More from Related TechTarget Sites