Software Integrity Blog

Archive for the 'Developer Enablement' Category

Power(Shell) to the people

Type less, write cleaner scripts, run consistently across platforms, and other reasons why Linux and OS X users can fall in love with PowerShell.

Posted in Developer Enablement

Help your development teams overcome challenges

Are these common secure development challenges keeping your teams from creating secure software? Learn how to overcome them by empowering your developers.

Posted in Developer Enablement

How to reduce risk while saving on the cost of resolving security defects

Can you really reduce the cost per defect by implementing application security best practices? Let’s explore the “so what?” that proves their real worth.

Posted in Developer Enablement

Vulnerability remediation: You only have 4 options

In my previous post, I wrote about a simple process for triaging vulnerabilities across applications. Once you have the issues prioritized, the vulnerability remediation process is pretty straightforward. You don’t have a lot of options; either remediate the issue, ignore it, or apply other measures (compensating controls) to mitigate the risk posed by the vulnerability.

Posted in Developer Enablement, Open Source Security

AngularJS security series part 1: Angular $http service

Welcome to the first part in our AngularJS Security Series. Here, we’ll discuss the various solutions to write more secure applications. Our goal is simple: to help developers better understand Angular and embrace the practice of writing more secure code.

Posted in Developer Enablement, Web Application Security

Moving beyond ‘moving left’: The case for developer enablement

We’re currently seeing a recalibration of the developer’s role in software security. We are about to see a new wave of what I call developer enablement.

Posted in Developer Enablement

AngularJS is secure by default, right? Not so fast.

AngularJS is one of those wonderful frameworks that seems to hide so many of JavaScript’s warts. While Angular adds much-needed features to the language, it also creates a handful of new problems for developers. Due to this, I’ve teamed up with Lewis Ardern to pose a simple question with a not-so-simple answer:

Posted in Developer Enablement

Pseudorandom number generation means pseudosecurity

In 2014 an exploit was discovered in Firefox for Android that allowed malicious applications access to sensitive user data. The cause? An unfortunately predictable PRNG called Math.random().

Posted in Developer Enablement, Web Application Security

Proper use of Java SecureRandom

Java SecureRandom updates as of April 2016: There have been several changes to Java’s SecureRandom API since this post was first written back in 2009. According to Oracle, the following interesting changes have been made:

Posted in Developer Enablement

What’s the difference? OAuth 1.0 vs OAuth 2.0

What’s the difference between OAuth 1.0 and OAuth 2.0? And which version of OAuth is right for you? Hint: It’s not necessarily the latest one.

Posted in Developer Enablement, Web Application Security