Software Integrity Blog

Author Archive

Jamie Boote

jamieboote

Jamie Boote is a security consultant at Synopsys. He works with organizations to ensure their developers understand how to write secure code. Jamie believes that software security doesn't happen in isolation and needs effective communication between all levels of a company. When he's not advocating for the dinosaurs in any Perl vs. Python argument, Jamie can be found chasing his sons around Southern Florida.


Posts by Jamie Boote:


4 simple steps to encourage online safety at your company

October is Cyber Security Awareness Month. The internet has revolutionized how we do business, stay in touch, and shop. As we upload more of our lives onto the internet, we put more of ourselves at risk. A little security goes a long way in protecting what we do online. Here are four quick tips to […]

Posted in Security Training, Web Application Security

Checklist: Kick off your software integrity program with a bang

We are coming up on fall here in the States, and for most of us, that means two big types of kickoffs are happening: new business initiatives and football. Budgets tend to land around the same time as football season, so if you want to enjoy your Sunday kickoffs, follow this list of four impactful […]

Posted in Software Security Initiative (SSI)

Why should every eCommerce website have an SSL certificate?

In the world of data security, a critical element of working with users is earning their trust. Obtaining, implementing, and properly using an SSL certificate is one way to protect user data. Without a certificate, there is also no easy way to keep the communications between the user and an eCommerce website private from attackers. […]

Posted in Software Architecture and Design, Web Application Security

SQL injection cheat sheet: How to prevent attacks

You can prevent SQL injection by using special database features to separate commands from data, or by keeping code vulnerable to SQLi out of your codebase.

Posted in Software Architecture and Design

Getting to the bottom of the top 5 vendor risk management best practices

“We cannot enter into alliances until we are acquainted with the designs of our neighbors.” – Sun Tzu

Opening this post with an Art of War quote may seem a bit cliché. At the same time, it really hits the nail on the head when discussing vendor risk management. After all, the best way to […]

Posted in Software Security Initiative (SSI)

How to choose between closed source and open source software

“I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail.” —Abraham Maslow

When it comes to commercial and open source tools (i.e., paid and free software), the debate as to which category of software is better continues, leaving egos, careers, and forums […]

Posted in Static Analysis (SAST)

5 questions to ask yourself when deciding on the best static code analysis tool

Buying a house is interesting because it forces you to take a look at everything that you may have taken for granted and ignored. Recently, while I was packing my tools in preparation for a move, I realized that I have eight different hammers in my toolbox. Each hammer serves a different purpose and not […]

Posted in Open Source Security, Static Analysis (SAST)

Are you making software security a requirement?

Have you ever heard the old saying “You get what you get and you don’t get upset”? While that may apply to after school snacks and birthday presents, it shouldn’t be the case for software security. When a software feature is deployed, it isn’t simply accepted by the software owner; there’s a strategic process of […]

Posted in General

The top hacking techniques of 2015 and how they work

This year has been another banner year both in terms of security and vulnerability discovery. There have been many leaks and attacks, most of which were probably executed with older techniques. But there are also a few new attack patterns worth highlighting which were revealed this year.

Reflected file download (RFD)

Let’s say that one […]

Posted in Mobile Application Security, Software Architecture and Design, Web Application Security

How proactive is your software security initiative?

The bad news is that software gets hacked. The defects or vulnerabilities that attackers take advantage of to hack software can be made by an organization internally, or by their vendors or partners. The good news is that remediation methods to resolve these defects and vulnerabilities are well known. Organizations with a mature software security […]

Posted in Maturity Model (BSIMM), Software Security Initiative (SSI), Web Application Security