Software Integrity Blog

Archive for 2015


A look at the U.S. smart grid security posture

There are three main components of any energy network: generation, transmission, and distribution. The modern energy industry has come a long way since it was a simple web of electrical devices. The system, now called a ‘smart grid,’ involves a highly integrated network of hardware and software components performing high-end computing and decision-making activities with minimal human involvement. The addition of such complex components to the basic energy grid is what accounts for the ‘smartness’ of the smart grid.

Posted in General

How to mitigate your third-party mobile keyboard risk

What is the best form of cyber security defense? Well, as I always maintain, it’s user awareness! The implementation of a comprehensive user awareness policy carries a lot of weight and, when abided by, effectively complements the many technological solutions available.

Posted in Mobile Application Security, Software Architecture and Design

Android WebViews and the JavaScript to Java bridge

Since a WebView is a browser control in an app, it invites traditional attacks associated with the web. We examine how to protect against these attacks.

Posted in Mobile Application Security

The top hacking techniques of 2015 and how they work

This year has been another banner year, both for security and for vulnerability discovery. There have been many leaks and attacks, most of which were probably executed with older techniques, but a few new attack patterns revealed this year are worth highlighting.

Posted in Mobile Application Security, Software Architecture and Design, Web Application Security

Software security myth #7: Only high-risk applications need to be secured

Q: Why can’t I just secure my high-risk applications? A: Any vulnerability in any application increases your attack surface. Risk management is essential.

Posted in Software Architecture and Design, Web Application Security

Cross-site scripting (XSS) vulnerabilities

Cross-site scripting vulnerabilities show up in all kinds of code. Let’s review a couple of simple fixes that will help you eliminate XSS from your Java code.

Posted in Web Application Security

Securing the Internet of ALL THE THINGS: Understanding the problem

How do we ensure that we’re giving our IoT devices enough scrutiny before releasing them? Securing IoT devices requires understanding IoT security.

Posted in Internet of Things

What are cryptographic hash functions?

What are cryptographic hash functions? Here are some variations that can improve your cryptographic hashes and provide a stronger barrier against attacks.

Posted in Software Architecture and Design

What is cross-site request forgery (CSRF)?

Cross-site request forgery (CSRF) is an attack in which a malicious web site, email, blog, instant message, or other program makes the victim’s web browser perform an action on a trusted site where the user is currently authenticated, without the victim’s knowledge.

Posted in Software Architecture and Design

What is a static analysis tool?

A static code analysis tool is an automated tool used to perform static analysis, also known as static application security testing (SAST). SAST is the process of assessing software without executing it. SAST is most commonly performed on source code, but can also be performed on compiled binaries or object code produced for interpreted languages.

Posted in Static Analysis (SAST)