Software Integrity Blog

Archive for the 'Developer Enablement' Category

 

[Webinar] Building a culture of secure programming

Get practical advice for building a culture of secure programming and implementing security as an enabler without disrupting velocity in your organization.

Continue Reading...

Posted in Developer Enablement, Webinars

 

[Webinars] Tech due diligence and AppSec tools for developers

Learn how to manage your software asset risk in tech due diligence, and discover AppSec tools and techniques to enable your developers to build security in.

Continue Reading...

Posted in Developer Enablement, Mergers & Acquisitions, Webinars

 

Why dependencies matter for SAST

How do static analyzers manage code dependencies? There are many ways, but the best static analyzers take a hybrid approach to dependency analysis.

Continue Reading...

Posted in Developer Enablement, Static Analysis (SAST)

 

How to get cloud security training for your team

To give your team the latest cloud security training, you need a fixed core curriculum and the flexibility to customize cloud training to each person’s needs.

Continue Reading...

Posted in Cloud Security, Developer Enablement, Security Training & Awareness, Webinars

 

Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol

This is the second of two articles that describe how to use the Defensics SDK in fuzzing Bitcoin. In the previous article, you saw how to set up a test bed for bitcoind. We created two containers, alice and bob, and were able to set up communication between the two bitcoind instances. In this article, you’ll learn how to create a data model for the Bitcoin network protocol, then use this model in the Defensics SDK to perform fuzzing on bitcoind.

Continue Reading...

Posted in Developer Enablement, Fuzz Testing

 

Cracking XenForo corpuses: An unsupported sha256(sha256($pass).$salt) hash type

A list that recently hit Hashes.org, with 1M records and low crack rate, looked like an interesting target. Taking a closer look, we quickly found out why.

Continue Reading...

Posted in Developer Enablement

 

Power(Shell) to the people

Type less, write cleaner scripts, run consistently across platforms, and other reasons why Linux and OS X users can fall in love with PowerShell.

Continue Reading...

Posted in Developer Enablement

 

Help your development teams overcome challenges

Are these common secure development challenges keeping your teams from creating secure software? Learn how to overcome them by empowering your developers.

Continue Reading...

Posted in Developer Enablement

 

How to reduce risk while saving on the cost of resolving security defects

Can you really reduce the cost per defect by implementing application security best practices? Let’s explore the “so what?” that proves their real worth.

Continue Reading...

Posted in Developer Enablement

 

Vulnerability remediation: You only have 4 options

In my previous post, I wrote about a simple process for triaging vulnerabilities across applications. Once you have the issues prioritized, the vulnerability remediation process is pretty straightforward. You don’t have a lot of options; either remediate the issue, ignore it, or apply other measures (compensating controls) to mitigate the risk posed by the vulnerability.

Continue Reading...

Posted in Developer Enablement, Open Source Security