Software Integrity Blog

Author Archive

Jamie Boote

jamieboote

Jamie Boote is a security consultant at Synopsys. He works with organizations to ensure their developers understand how to write secure code. Jamie believes that software security doesn't happen in isolation and needs effective communication between all levels of a company. When he's not advocating for the dinosaurs in any Perl vs. Python argument, Jamie can be found chasing his sons around Southern Florida.


Posts by Jamie Boote:

 

4 simple steps to encourage online safety at your company

October is Cyber Security Awareness Month.

Continue Reading...

Posted in Security Training, Web Application Security | Comments Off on 4 simple steps to encourage online safety at your company

 

Checklist: Kick off your software integrity program with a bang

We are coming up on fall here in the States, and for most of us, that means two big types of kickoffs are happening: new business initiatives and football. Budgets tend to land around the same time as football season, so if you want to enjoy your Sunday kickoffs, follow this list of four impactful activities to make your software integrity program kickoff a success. 1. Build your team Everyone on the field has a role. Pick your captains, coaches, and quarterbacks wisely.

Continue Reading...

Posted in General | Comments Off on Checklist: Kick off your software integrity program with a bang

 

Why should every eCommerce website have an SSL certificate?

In the world of data security, a critical element of working with users is earning their trust. Obtaining, implementing, and properly using an SSL certificate is one way to protect user data. Without a certificate, there is also no easy way to keep the communications between the user and an eCommerce website private from attackers. What is encryption? Encryption protects data and keeps secrets out of reach from eavesdroppers. It seems like the stuff of movies and television dramas. It’s often portrayed in the media as some impenetrable obstacle that can’t be overcome without keys. Or, as an easy challenge to solve with rapid typing and a few progress bars.

Continue Reading...

Posted in Software Architecture and Design, Web Application Security | Comments Off on Why should every eCommerce website have an SSL certificate?

 

How to prevent SQL injection attacks: A cheat sheet

Prevent SQL injection attacks by using special database features to separate commands from data, or by keeping code vulnerable to SQLi out of your codebase.

Continue Reading...

Posted in Software Architecture and Design | Comments Off on How to prevent SQL injection attacks: A cheat sheet

 

Getting to the bottom of the top 5 vendor risk management best practices

“We cannot enter into alliances until we are acquainted with the designs of our neighbors.”

Continue Reading...

Posted in General | Comments Off on Getting to the bottom of the top 5 vendor risk management best practices

 

How to choose between closed source and open source software

“I suppose it is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail.”

Continue Reading...

Posted in Static Analysis (SAST) | Comments Off on How to choose between closed source and open source software

 

5 questions to ask yourself when deciding on the best static code analysis tool

Buying a house is interesting because it forces you to take a look at everything that you may have taken for granted and ignored. Recently, while I was packing my tools in preparation for a move, I realized that I have eight different hammers in my toolbox. Each hammer serves a different purpose and not all of them include driving nails. Some of these hammers were handed down from my grandpa. I bought others to complete recent projects. As I was packing them up, I had to evaluate whether I still had a use for each one. Moving is a chance to go through your belongings and decide if what you have still works for you. Just like my physical toolbox, my security toolbox has a variety of tools that may all look alike at first glance but actually serve very different purposes.

Continue Reading...

Posted in Open Source Security, Static Analysis (SAST) | Comments Off on 5 questions to ask yourself when deciding on the best static code analysis tool

 

Are you making software security a requirement?

Robust software security requirements help you lock down what your software does so that it can be used only as intended. Learn how to build your own.

Continue Reading...

Posted in General | Comments Off on Are you making software security a requirement?

 

The top hacking techniques of 2015 and how they work

This year has been another banner year both in terms of security and vulnerability discovery. There have been many leaks and attacks, most of which were probably executed with older techniques. But, there are also a few new attack patterns worth highlighting which were revealed this year.

Continue Reading...

Posted in Mobile Application Security, Software Architecture and Design, Web Application Security | Comments Off on The top hacking techniques of 2015 and how they work

 

How proactive is your software security initiative?

A proactive software security initiative helps protect your organization. Does your SSI measure up? Take our short quiz, based on the BSIMM, to find out.

Continue Reading...

Posted in Maturity Model (BSIMM), Web Application Security | Comments Off on How proactive is your software security initiative?