Software Security

Archive for April 2013

 

Mobile: Different or same sh*t different day?

Is mobile security the ‘same problem’ as web application security? Is it just a ‘different day’? I’ve watched organizations and mobile thought leaders argue perspectives on this question back and forth for years. The answer is, of course: both. Mobile security inherits previous problems and solutions while bringing its own unique ones. Let’s get specific about what’s […]


Posted in Mobile Application Security, Threat Modeling

 

Business logic: High frequency trading’s security lessons

The Associated Press’s Twitter feed was hacked, and a posted tweet indicated that the president was injured in an explosion. The market momentarily lost $136 billion (*). This event is instructive to security folk. Building security in requires understanding it as an emergent property (let’s avoid the often misused term “business logic flaw”). I spent significant time […]


Posted in Software Security Testing