Software Integrity

Search Results for 'secure coding guidelines'

 

Threats obvious, but electronic voting systems remain insecure

Election security requires that voters trust the results. But many U.S. electronic voting systems are clearly insecure, and untrustworthy. What are we doing about it?

Posted in Critical Infrastructure Security, Government Security

The 4 most important secure development disciplines

Being the most innovative and successful cloud monitoring company on the market, developing new features to production every day, it’s not only crucial to deliver the best user experience, performance and high reliability, but also guarantee the highest SECURITY for our customers. To not let security measures slow down our agile and innovative value creation […]

Posted in Agile, CI/CD & DevOps, Cloud Security, Static Analysis (SAST), Web Application Security

A journey through the secure software development life cycle phases

Most organizations follow common development processes when creating software. Unfortunately, these processes offer little support to construct secure software as they typically identify security defects in the verification (i.e., testing) phase. Fixing defects that late in the software development life cycle (SDLC) is often quite expensive. A better practice is to integrate security activities […]

Posted in Infographic

How to implement security measures without negatively affecting software quality

Over the past decade, most organizations have established a well-oiled process for software development and maintenance. We refer to this as the software development life cycle (SDLC). However, advancing security threats relating to insecure software have brought the focus to security implementation within the SDLC without hampering quality. Let’s examine a few strategies to implement security […]

Posted in Uncategorized

Learn how to implement security and quality into your firm’s SDLC

A major factor for companies, and even industries, failing to develop robust security programs is the perceived start-up cost to carry it out. It can be daunting to take large organizations as inspiration when considering how to implement security measures into the software development life cycle (SDLC). Many of these mature security programs have security […]

Posted in Uncategorized

Software security essentials every SMB should have

The all-too-prevalent attacks against large organizations are often those that you’ll see pop up on the news. However, attackers aren’t neglecting small and medium-sized businesses (SMBs). That’s why every organization, irrespective of its size, needs software security. Wondering how to kick-start a robust software security implementation for your start-up? Here, I’ll discuss several essential factors that […]

Posted in Software Security Initiative (SSI)

Application security vs. software security: What’s the difference?

What is the difference between “application security” and “software security”? We examine the question and explain when to use each discipline. The terms “application security” and “software security” are often used interchangeably. However, there is in fact a difference between the two. Information security pioneer Gary McGraw maintains that application security is a reactive approach, taking place […]

Posted in Mobile Application Security, Web Application Security

Samsung Galaxy phone hack: Making sense of the “Samsung” RCE vulnerability

The Samsung Galaxy phone hack was not caused by “one bug.” It was due to a chain of several failures, which makes it difficult to say who is at fault and how the Samsung hack could have been avoided. Don’t jump to conclusions! How did the Samsung Galaxy get hacked? Issue 1: Samsung uses a […]

Posted in Mobile Application Security, Software Architecture and Design

Tineola: Taking a bite out of enterprise blockchain

Parsia Hakimian and Stark Riedesel presented Tineola at DEF CON 26. Enterprise blockchain platforms are one of the big questions faced by many corporations, including some of our customers. And when our customers come to us with complex problems, we take their unique situations into consideration and come up with tailored solutions. So when our […]

Posted in Developer Enablement, Red Teaming

Wading through the alphabet soup of application security testing tools: A guide to SAST, IAST, DAST, and RASP

Every application security testing tool—SAST, IAST, DAST, and RASP—has its distinct advantages, but you’ll get the best results when you use them together.

Posted in Infographic, Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security