Software Integrity

Archive for November 2010

 

BSIMM Community Conference

We just hosted the first-ever BSIMM Community Conference in Annapolis, MD this week. I’m proud to say it was a smash hit. The schedule was packed full of interesting talks from leaders among the BSIMM Community including Microsoft, Intel, Sallie Mae, JP Morgan Chase, QUALCOMM, Fidelity, Adobe and Cigital, but by far the most […]


Posted in Financial Services Security, Insurance Provider Security, Maturity Model (BSIMM), Security Conference or Event, Software Security Testing

 

Securing URL redirects

Can attackers control URL redirection functionality exposed by your application? Unvalidated Redirects and Forwards is #10 on the 2010 OWASP Top Ten list. Sites that are vulnerable often expose a servlet or server-side script that constructs the destination URL from data received from the client (i.e., something that can be […]


Posted in OWASP, Secure Coding Guidelines, Software Security Testing