Problem solve

Secure software development

• How concerned should I be about a padding oracle attack?

  Padding oracle attacks have long been well-known and well-understood. Find out how they work and why using modern encryption protocols can reduce the risks. Continue Reading

• What issues can arise from hardware debug exception flaws?

  Misinterpretation of Intel's System Programming Guide resulted in a hardware debug exception vulnerability. Expert Michael Cobb explains how attackers can gain unauthorized access. Continue Reading

• Secure code review tips: How many review rounds are needed?

  Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices. Continue Reading

• Foxit Reader vulnerabilities: What can be done to mitigate them?

  Two critical, zero-day Foxit Reader vulnerabilities haven't been patched and pose a threat to enterprises. Judith Myerson explains the vulnerabilities and how to mitigate them. Continue Reading

• How can DevOps application lifecycle management protect digital keys?

  Better DevOps application lifecycle management can help protect cryptographic and digital keys. Expert Judith Myerson explains the right approaches to secure DevOps. Continue Reading

• Why the citizen developer trend is bugging infosec teams

  Automated tools are making it easier for citizen developers to build and deploy applications quickly. But is that a good thing for enterprise security teams?Continue Reading

• Building an application security program: Why education is key

  Education and training are crucial parts of a strong application security program. Sean Martin explains how enterprises should build these elements into their programs.Continue Reading

• How can common mobile application security risks be reduced?

  A new Veracode report offers details on common mobile application security risks. Expert Michael Cobb explains these flaws, and what developers can do to reduce them.Continue Reading

• How can software transplants fix bad code?

  Copying and pasting bad code into an application is a big problem for developers, but software transplants can help. Expert Michael Cobb explains the technology.Continue Reading

• Code security: Can a continuous delivery model be secured?

  Continuous code delivery is critical in certain scenarios, but it's not always the most secure approach. Michael Cobb explains how to secure code in a continuous delivery model.Continue Reading

• McGraw: Seven myths of software security best practices

  According to expert Gary McGraw, you're not helping yourself by believing the things -- all seven of them -- you've heard about secure software development.Continue Reading

• Formal verification is the oldest new game in town

  Security gamification puts formal verification back in play.Continue Reading

• Are HTML5 mobile apps an enterprise security concern?

  Gartner predicts more than half of all mobile apps will use HTML5 by 2016, but what threats will this cause the enterprise? Expert Michael Cobb discusses.Continue Reading

• Is RASP the answer to secure software delivery?

  Traditionally, ensuring secure software delivery has meant relying on static scanning and dynamic fuzzing. There’s now an alternative: the runtime application self-protection, or RASP, method. This ISM Insider Edition looks at all that's gone...Continue Reading

• Algorithm substitution attacks: Ensuring encryption algorithm security

  Algorithm substitution attacks can decrypt secure communications and potentially expose enterprise data in plaintext. Learn how to mitigate the threat.Continue Reading