Secure Software Development


Learn how to use security in the early stages of software development with this collection of news and expert advice. Get information about secure software development tools, threat modeling, and static and dynamic code analysis.
IN THIS TOPIC: NEWS (81), EXPERT TECHNICAL ADVICE (27), REFERENCE & LEARNING (9), MAGAZINE CONTENT (8), WEBCASTS (2), DEFINITIONS (6)

MUST READ
New algorithm promises to secure P2P content
ARTICLE - Three cryptographers have developed a secure P2P content distribution method without creating bottlenecks, and it could be a significant breakthrough in the encryption arena.
Breaking software easier than you think
ARTICLE - Whether you create applications or just use them, one way to make a system more secure is to understand how it's being exploited.
Software secured with CLASP
ARTICLE - New guidelines to bake security into the early stages of software development come just as teams feel the squeeze.

  NEWS: 1 - 3 of 81
New hacking technique exploits common NULL programming error
SearchSecurity.com | 21 Apr 2008
ARTICLE - A researcher has discovered a new hacking technique that exploits a programming vulnerability common in many applications.
Application hardening tools help repel software pirates
SearchSecurity.com | 20 Mar 2008
ARTICLE - Application hardening vendors can make life difficult for software pirates, forcing them to turn to more profitable, low-hanging fruit.
Federal aid helps uncover open source flaws
SearchSecurity.com | 10 Jan 2008
ARTICLE - A joint project with security vendor Coverity Inc. uncovered flaws in 11 open source projects, including Perl, PHP, Python, Samba and TCL.

  EXPERT TECHNICAL ADVICE: 1 - 3 of 27
SECURE SOFTWARE DEVELOPMENT EXPERTS
Michael Cobb
Founder and Managing Director, Cobweb Applications Ltd.
Will Cisco's plan to open access to the IOS improve network security?
21 Apr 2008
EXPERT ANSWER - If Cisco's initiative pans out, we're likely to see a number of new network management tools that integrate with IOS. Mike Chapple explains why that centralization will be a security improvement.
Best practices for using restriction policy whitelists
02 Apr 2008
EXPERT ANSWER - Ed Skoudis discusses which systems should be considered for software restriction policy whitelists, and unveils how whitelisting can improve security.
What software development best practices can prevent input validation attacks?
11 Feb 2008
EXPERT ANSWER - Improper input validation leads to numerous kinds of attacks, including cross-site scripting, SQL injection and command injection. In this expert Q&A, Michael Cobb reviews the most important application development practices.

  REFERENCE & LEARNING: 1 - 3 of 9
Information security book excerpts and reviews
SearchSecurity.com | 20 Sep 2006
INFORMATION SECURITY BOOKSHELF - Visit the Information Security Bookshelf for book reviews and free chapter downloads.
Attacks targeted to specific applications
By Dan Sullivan, Realtimepublishers | 26 Jan 2007
BOOK CHAPTER - This is the fourth tip in our series, "How to assess and mitigate information security threats".
Architectural Risk Analysis: Traditional Risk Analysis Terminology
06 Feb 2006
BOOK CHAPTER -

  MAGAZINE CONTENT (free subscription required): 1 - 3 of 8
Application Security
Information Security Magazine | 01 May 2007
HOT PICK & PRODUCT REVIEWS - Watchfire's AppScan 7.0
Prospective Buyers Want Answers
Information Security Magazine | 01 Apr 2007
FEATURES - SANS WhatWorks The SANS Institute's WhatWorks program identifies three critical areas of concern for security managers.
Perspectives
Information Security Magazine | 01 Mar 2007
COLUMNS - Straw House

  WEBCASTS: 1 - 2 of 2
CISSP Essentials: Mastering the Common Body of Knowledge -- Class 6, Applications and System Development - Expert Webcast

PREMIERED:   16 DEC 2004, 09:00 EST (14:00, GMT)
SUMMARY:   Applications and computer systems are usually developed for functionality first, not security. Listen to this presentation and learn how to build security into every system from the outset.
Five hidden tactics for secure programming - Expert Webcast

PREMIERED:   28 SEP 2004, 12:00 EDT (16:00, GMT)
SUMMARY:   Discover the five fundamental steps of secure code development to help you cost-effectively address the root cause of the biggest security exposures in uncompiled code: design flaws.

  DEFINITIONS: 1 - 3 of 6
fuzz testing
12 Dec 2007
WORD - Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system ...
Common Weakness Enumeration
27 May 2007
WORD - Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software. The dictionary is maintained by the MITRE Corporation and can be accessed free on a worldwide basis. ...
threat modeling
14 Feb 2006
WORD - Threat modeling is a procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. In this context, a ...

SEE ALSO - Topics Related to Secure Software Development: 
Email Security, Secure IM, Web Security, Application Firewalls, Securing Productivity Applications, Database Security

