Software Integrity Blog

Archive for the 'Developer Enablement' Category

 

Software Testing Tools Checklist: Do your tools empower your developers?

Software testing tools for developers must be accurate and easy to integrate. The Software Testing Tools Checklist asks 7 questions to help you evaluate.

Continue Reading...

Posted in Developer Enablement | Comments Off on Software Testing Tools Checklist: Do your tools empower your developers?

 

4 key differences moving from Java to .NET Core, part 1

Getting started with .NET Core? If you’re exploring C#, you’ll find it borrows much from Java. Here are a few prominent differences you should be aware of as you move from Java to .NET Core.

Continue Reading...

Posted in Developer Enablement, Open Source Security | Comments Off on 4 key differences moving from Java to .NET Core, part 1

 

Vulnerability remediation: You only have 4 options

In my previous post, I wrote about a simple process for triaging vulnerabilities across applications. Once you have the issues prioritized, the vulnerability remediation process is pretty straightforward. You don’t have a lot of options; either remediate the issue, ignore it, or apply other measures (compensating controls) to mitigate the risk posed by the vulnerability.

Continue Reading...

Posted in Developer Enablement, Open Source Security | Comments Off on Vulnerability remediation: You only have 4 options

 

AngularJS security series part 1: Angular $http service

Welcome to the first part in our AngularJS Security Series. Here, we’ll discuss the various solutions to write more secure applications. Our goal is simple: to help developers better understand Angular and embrace the practice of writing more secure code.

Continue Reading...

Posted in Developer Enablement, Web Application Security | Comments Off on AngularJS security series part 1: Angular $http service

 

AngularJS is secure by default, right? Not so fast.

AngularJS is one of those wonderful frameworks that seems to hide so many of JavaScript’s warts. While Angular adds much-needed features to the language, it also creates a handful of new problems for developers. Due to this, I’ve teamed up with Lewis Ardern to pose a simple question with a not-so-simple answer:

Continue Reading...

Posted in Developer Enablement | Comments Off on AngularJS is secure by default, right? Not so fast.

 

Pseudorandom number generation means pseudosecurity

In 2014 an exploit was discovered in Firefox for Android that allowed malicious applications access to sensitive user data. The cause? An unfortunately predictable PRNG called Math.random().

Continue Reading...

Posted in Developer Enablement, Web Application Security | Comments Off on Pseudorandom number generation means pseudosecurity

 

Proper use of Java SecureRandom

Java SecureRandom updates as of April 2016 There have been several changes to Java’s SecureRandom API since creating this post back in 2009. According to Oracle, the following interesting changes have been made:

Continue Reading...

Posted in Developer Enablement | Comments Off on Proper use of Java SecureRandom

 

What’s the difference? OAuth 1.0 vs OAuth 2.0

What’s the difference between OAuth 1.0 and OAuth 2.0? And which version of OAuth is right for you? Hint: It’s not necessarily the latest one.

Continue Reading...

Posted in Developer Enablement, Web Application Security | Comments Off on What’s the difference? OAuth 1.0 vs OAuth 2.0

 

Understanding Python pickling and how to use it securely

In Python, you can use pickle to serialize (deserialize) an object structure into (from) a byte stream. Here are best practices for secure Python pickling.

Continue Reading...

Posted in Developer Enablement | Comments Off on Understanding Python pickling and how to use it securely