News

Eye On: Secure Software Development

This special report explores software security: reducing vulnerabilities and improving development processes.

SearchSecurity.com Staff

Published: 21 Apr 2011

Security pros find software code security improvements, weigh next step
Secure coding practices are improving at many software vendors, fueled by an increased emphasis on secure coding frameworks, training and new processes.

Organizational issues can trip up software remediation
Running an application security program requires more than a solid budget. It needs a person with deep knowledge of the organization and its engineering processes.

SearchSecurity.com's new "Eye On" series examines a security topic each month. In April, the series explores software security and the technologies and methodologies available to reduce vulnerabilities and improve software development processes.

Software code analysis firm gives security vendors poor marks
The latest study of application code by Veracode found many applications submitted by software makers are of “unacceptable security quality.”

Reviewing applications for security: Code review best practices
Developing secure application code isn’t easy. David Jacobs outlines best practices for keeping customers’ applications secure.

Cloud application security issues and considerations
Companies moving legacy applications to a cloud environment need to account for a different threat model, loss of control.

Preventing and detecting security vulnerabilities in Web applications
Web applications are often developed quickly with little thought to security. Expert Richard Brain explains how to detect common Web application flaws.

Secure SDLC best practices
While focus on technicalities is a given during the SDLC, this tip explains how to secure the SDLC, from the analysis phase right through to deployment.

MULTIMEDIA:
Marcus Ranum: The consequences of poor software design

Marcus Ranum discusses the consequences of poor software design and what can be done to ensure this does not happen in the future.

Podcast: David Ladd on the Microsoft SDL
David Ladd of Microsoft’s software security engineering team talks about the SDL and how it can be applied to improve the security of your software development processes.

Podcast: Chris Wysopal on software security and threat modeling
Chris Wysopal, co-founder and CTO of Veracode talks about the evolution of secure software development and the road ahead. Wysopal says threat modeling is the next step.

Video: Secure software development: Getting started
Chris Eng, senior security researcher at Veracode Inc., explains how firms can get started improving their software development processes.

Dig Deeper on Secure software development

Enterprise devs win with Veracode's SaaS security spinout Independent once again, Veracode will focus on its cloud-based test services that enable developers to add security to the software development lifecycle.

Study: government compliance-based vulnerability remediation is failing In its State of Software Security Report, Veracode has found the government has the most vulnerabilities and the lowest rate of remediation in developing Web and mobile apps.

How involved should execs be in software security programs? Video: Chris Wysopal of Veracode discusses how the role of security executives is evolving in application security and vendor management.

Chris Wysopal reveals new ways to monitor open source code security Video: Chris Wysopal of Veracode discusses the risks of externally sourced code and monitoring its use in the enterprise.

Enterprises at core of vendor software security testing, Veracode finds Less than one in five enterprises have requested code-level security tests from at least one vendor, but the volume of assessments is growing.

Chris Wysopal: Web application vulnerabilities an easy target Despite a decline in SQL injection errors over the last two years, attackers continue to find Web application flaws as easy targets, says Chris Wysopal of Veracode Inc.

SearchCloudSecurity

How to implement zero-trust cloud security

The nature of cloud environments and workloads is changing. Security team approaches must evolve in response. Learn how to ...

AWS Access Analyzer aims to limit S3 bucket exposures

Amazon Web Services introduced the Access Analyzer tool at its re:Invent event. The new option aims to help users avoid ...

How to evaluate CASB tools for multi-cloud deployments

When it comes to evaluating CASB tools, it's essential to be an informed customer. Identify your organization's usage and ...

SearchNetworking

Test your knowledge of SD-WAN deployments and testing

As SD-WAN becomes more mainstream, organizations must learn what to expect during all phases of deployment. Try your knowledge of...

4 SD-WAN vendors integrate with AWS Transit Gateway

Aruba, Cisco, Citrix and Silver Peak are among the first SD-WAN vendors to integrate their products with the AWS Transit Gateway.

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

Catch up on the different features available with the first wave of Wi-Fi 6, including OFDMA and Target Wake Time, and find out ...

SearchCIO

Top edge computing trends to watch in 2020

Edge computing is still an evolving technology domain and enterprises should expect continued evolution in the year ahead. Here ...

Shell, Halliburton, Unibap AB execs share real-world AI strategies

Technology advances like quantum computing mean AI's best years are still to come, but that doesn't mean companies aren't already...

What's the difference between RPA and IPA?

To prepare for robotic process automation combined with the more sophisticated intelligent process automation, CIOs first need to...

SearchEnterpriseDesktop

Microsoft extends Office 365 benefit to nonprofit volunteers

Thursday's announcement extends the company's September offering of 10 free Microsoft 365 Business licenses for nonprofits' ...

Cut through confusion of the digital workspace market

What is a digital workspace, exactly? Find out the definition of this new technology, what it means for the future of end-user ...

Windows 10 issues top list of most read stories for IT pros

IT pros seemed focused on the latest Microsoft OS, based on our most read stories for 2019. That may not come as a surprise, ...

SearchCloudComputing

Get started with Azure tags

The more Azure resources an organization consumes, the harder it becomes to track those resources. Proper tagging can help manage...

Review these Azure Service Bus best practices

When applications talk, you need to listen. Learn about Microsoft's cloud messaging service, its main features, best practices to...

Instill cloud change management best practices

Automation is essential to change management in the cloud. Discover the best practices that ensure your IT team is in sync and ...

ComputerWeekly.com

Cloud computing surges in the UAE in 2019

Cloud computing take-up saw a significant acceleration in the Middle East throughout this year

Dutch organisations demand more from government

In this e-guide read about the findings of an investigation into the IT used by the Dutch government. It doesn’t make good ...

UK government supports online counter-extremism

Work under the Building a Stronger Britain Together programme is due to be completed this month

Eye On: Secure Software Development

This special report explores software security: reducing vulnerabilities and improving development processes.

Dig Deeper on Secure software development

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

How to evaluate CASB tools for multi-cloud deployments

SearchNetworking

Test your knowledge of SD-WAN deployments and testing

4 SD-WAN vendors integrate with AWS Transit Gateway

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

SearchCIO

Top edge computing trends to watch in 2020

Shell, Halliburton, Unibap AB execs share real-world AI strategies

What's the difference between RPA and IPA?

SearchEnterpriseDesktop

Microsoft extends Office 365 benefit to nonprofit volunteers

Cut through confusion of the digital workspace market

Windows 10 issues top list of most read stories for IT pros

SearchCloudComputing

Get started with Azure tags

Review these Azure Service Bus best practices

Instill cloud change management best practices

ComputerWeekly.com

Cloud computing surges in the UAE in 2019

Dutch organisations demand more from government

UK government supports online counter-extremism

Related Resources

Dig Deeper on Secure software development

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.