Software Integrity

Archive for September 2013


Touch ID: Yea or nay?

Unsurprisingly, German hackers were able to produce a fingerprint prosthetic allowing an attacker to defeat Apple’s TouchID within days of the iPhone 5S release. Media coverage abounds, as has reaction to the attack and discussion about biometrics, multi-factor authentication, and, of course, the death of the pin/password. Unfortunately, the password’s death has been reported early. None of us […]


Posted in Mobile Application Security, Threat Modeling


Gimme a break

Recently, Linux kernel developers have picked up use of Coverity Scan by addressing new defects found in recently submitted patches. One developer, Dave Jones, noticed a change to remove a fall through comment on a switch case: > case MPOL_BIND: > – /* Fall through */ > case MPOL_INTERLEAVE: > nodes = pol->v.nodes; > break; […]
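Review bot: removing the `/* Fall through */` comment from the `MPOL_BIND` case leaves the fall-through into `MPOL_INTERLEAVE` unannotated, which is precisely the pattern a static analyser such as Coverity Scan reports as a possible missing `break`; if the fall-through is intentional, the comment (or an equivalent annotation) should stay so that readers and tools can tell a deliberate fall-through from a forgotten `break`.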


Posted in Application Security, Static Analysis (SAST)


Making the Struts2 app more secure: Don’t include Config Browser

Struts2 allows a developer to include other Struts2 applications via the Plugin architecture. From the site: Struts2 plugins contain classes and configuration that extend, replace, or add to existing Struts framework functionality. A plugin can be installed by adding its JAR file to the application’s class path, in addition to the JAR files to fulfill whatever dependencies […]


Posted in Application Security, Vulnerability Assessment