Secure Software Development

MUST READ New algorithm promises to secure P2P content ARTICLE - Three cryptographers have developed a secure P2P content distribution method without creating bottlenecks, and it could be a significant breakthrough in the encryption arena. Breaking software easier than you think ARTICLE - Whether you create applications or just use them, one way to make a system more secure is to understand how it's being exploited. Software secured with CLASP ARTICLE - New guidelines to bake security into the early stages of software development come just as teams feel the squeeze.

NEWS: 1 - 3 of 81

	New hacking technique exploits common NULL programming error SearchSecurity.com | 21 Apr 2008 ARTICLE - A researcher has discovered a new hacking technique that exploits a programming vulnerability common in many applications.

	Application hardening tools help repel software pirates SearchSecurity.com | 20 Mar 2008 ARTICLE - Application hardening vendors can make life difficult for software pirates, forcing them to turn to more profitable, low-hanging fruit.

	Federal aid helps uncover open source flaws SearchSecurity.com | 10 Jan 2008 ARTICLE - A joint project with security vendor Coverity Inc. uncovered flaws in 11 open source projects, including Perl, PHP, Python, Samba and TCL.

	VIEW ALL NEWS ON SECURE SOFTWARE DEVELOPMENT

EXPERT TECHNICAL ADVICE: 1 - 3 of 27

SECURE SOFTWARE DEVELOPMENT EXPERTS
			Michael Cobb Founder and Managing Director, Cobweb Applications Ltd. ASK A QUESTION

	Will Cisco's plan to open access to the IOS improve network security? 21 Apr 2008 EXPERT ANSWER - If Cisco's initiative pans out, we're likely to see a number of new network management tools that integrate with IOS. Mike Chapple explains why that centralization will be a security improvement.

	Best practices for using restriction policy whitelists 02 Apr 2008 EXPERT ANSWER - Ed Skoudis discusses which systems should be considered for software restriction policy whitelists, and unveils how whitelisting can improve security.

	What software development best practices can prevent input validation attacks? 11 Feb 2008 EXPERT ANSWER - Improper input validation leads to numerous kinds of attacks, including cross-site scripting, SQL injection and command injection. In this expert Q&A, Michael Cobb reviews the most important application development practices.

	VIEW ALL EXPERT TECHNICAL ADVICE ON SECURE SOFTWARE DEVELOPMENT

REFERENCE & LEARNING: 1 - 3 of 9

	Information security book excerpts and reviews SearchSecurity.com | 20 Sep 2006 INFORMATION SECURITY BOOKSHELF - Visit the Information Security Bookshelf for book reviews and free chapter downloads.

	Attacks targeted to specific applications By Dan Sullivan, Realtimepublishers | 26 Jan 2007 BOOK CHAPTER - This is the fourth tip in our series, "How to assess and mitigate information security threats".

	Architectural Risk Analysis: Traditional Risk Analysis Terminology 06 Feb 2006 BOOK CHAPTER -

	VIEW ALL REFERENCE & LEARNING ON SECURE SOFTWARE DEVELOPMENT

MAGAZINE CONTENT (free subscription required): 1 - 3 of 8

	Application Security Information Security Magazine | 01 May 2007 HOT PICK & PRODUCT REVIEWS - Watchfire's AppScan 7.0

	Prospective Buyers Want Answers Information Security Magazine | 01 Apr 2007 FEATURES - SANS WhatWorks The SANS Institute's WhatWorks program identifies three critical areas of concern for security managers.

	Perspectives Information Security Magazine | 01 Mar 2007 COLUMNS - Straw House

	VIEW ALL MAGAZINE CONTENT ON SECURE SOFTWARE DEVELOPMENT

WEBCASTS: 1 - 2 of 2

	CISSP Essentials: Mastering the Common Body of Knowledge -- Class 6, Applications and System Development - Expert Webcast VIEW WEBCAST PREMIERED:   16 DEC 2004, 09:00 EST (14:00, GMT) SUMMARY:   Applications and computer systems are usually developed for functionality first, not security. Listen to this presentation and learn how to build security into every system from the outset.

	Five hidden tactics for secure programming - Expert Webcast VIEW WEBCAST PREMIERED:   28 SEP 2004, 12:00 EDT (16:00, GMT) SUMMARY:   Discover the five fundamental steps of secure code development to help you cost-effectively address the root cause of the biggest security exposures in uncompiled code: design flaws.

	VIEW ALL WEBCASTS ON SECURE SOFTWARE DEVELOPMENT

DEFINITIONS: 1 - 3 of 6

	fuzz testing 12 Dec 2007 WORD - Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system ...

	Common Weakness Enumeration 27 May 2007 WORD - Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software. The dictionary is maintained by the MITRE Corporation and can be accessed free on a worldwide basis. ...

	threat modeling 14 Feb 2006 WORD - Threat modeling is a procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. In this context, a ...

	VIEW ALL DEFINITIONS ON SECURE SOFTWARE DEVELOPMENT

	SEE ALSO - Topics Related to Secure Software Development:  Email Security, Secure IM, Web Security, Application Firewalls, Securing Productivity Applications, Database Security