Software Integrity

Search Results for 'owasp'

What’s happening with the OWASP Top 10 2017?

One of my favorite books, “The Hitchhiker’s Guide to the Galaxy,” describes itself in the introduction like this: In many of the more relaxed civilizations on the Outer Eastern Rim of the Galaxy, the Hitchhiker’s Guide has already supplanted the great Encyclopedia Galactica as the standard repository of all knowledge and wisdom, for though it […]

Posted in Security Standards and Compliance

OWASP Top 10 2017: But is it fixed?

Months back, I called outright for the removal of “A7: Insufficient Attack Protection” from the OWASP Top 10. The OWASP Top 10 team recently published a second release candidate (RC2) for OWASP Top 10 2017—and A7, which was in RC1, is conspicuously absent. So is the Top 10 fixed? My argument to remove A7 was […]

Posted in Security Standards and Compliance

Learn how to customize the OWASP Top 10 to fit your firm

A list of critical web application security vulnerabilities is a necessary risk management tool. Equally true is that each organization has a different set of vulnerabilities plaguing their applications. To complete a trifecta of fundamental truths, crowdsourced lists such as the OWASP Top 10 rarely reflect an individual organization’s priorities. Given all that, many organizations […]

Posted in Security Standards and Compliance

OWASP Top 10—A7: Request for removal and replacement

Foreword by Jim Ivers Vice President, Marketing, Synopsys Software Integrity Group If you’re a software security professional, you’re probably familiar with the OWASP Top 10. Even if you aren’t in the AppSec trenches every day, you may have heard of it. It’s a widely referenced list of the 10 most critical web application security risks […]

Posted in Uncategorized

OWASP Top 10: Application security risks

The OWASP Top 10 raises awareness of the challenges organizations face in ensuring web application security in a changing application security environment. How do you address application security risks in your organization? Your chance to contribute to the OWASP Top 10 2016 report expired July 20, 2016. This was a rare opportunity to influence best practices in web operations. […]

Posted in Security Standards and Compliance

3 reasons why the most common OWASP risks are STILL on the list after 10 years

In 2016, OWASP will publish the fifth iteration of the OWASP Top 10. First released in 2004, the OWASP Top 10 is a popular enumeration of the 10 most important web application security vulnerabilities as determined by severity as well as real world prevalence. As we await publication of this latest version, we can’t help […]

Posted in Software Architecture and Design

An OWASP interaction model

Out at AppSec USA, the OWASP board met and decided that it was valuable to support a partnership model with private industry. The aim: figure out a way to allow private (or federal) organizations to shape existing OWASP assets to better meet their needs. Better meeting an organization’s needs will likely involve: Integration with standard-fare […]

Posted in Security Standards and Compliance

Want to close the software security skills gap? Tanya Janca says start mentoring!

Tanya Janca believes that one of the reasons most connected products are insecure from day one is the software security skills gap that comes from developers not learning security in school. Her solution: Those who know should teach those who don’t. Janca discusses mentoring in the software security industry with us. Tanya Janca has no […]

Posted in General

How to integrate cloud security into your SSI

Every organization that develops or integrates software needs a software security initiative (SSI)—that has been true for years. Security is, or ought to be, as important as function and features. What is also true now, given that the large majority of organizations have already migrated or are planning to migrate some or all of their […]

Posted in Cloud Security

How to help your medical devices meet the UL (and FDA) standard

The recent announcement by the Federal Food and Drug Administration (FDA) that it has adopted the ANSI (American National Standards Institute)-approved UL 2900-2-1 as a “consensus standard” for premarket certification of medical devices means the world is about to change—for the better. Especially for patients. Any effort to overhaul the cyber security of connected medical […]

Posted in Healthcare Security, Medical Device Security