Software Integrity

Archive for the 'Software Architecture and Design' Category

 

Webinar: Systems failure fuels security-focused design practices

Today’s electronic systems are more intelligent, more connected, and more at risk than ever before. In fact, a single vulnerability can lead to widespread system-of-systems compromises. Organizations participating in security-critical industries like Aerospace and Defense are especially at risk. About this webinar: Cristopher Rommel from VDC and Joe Jarzombek from Synopsys will discuss the results […]

Posted in Software Architecture and Design

Fault Injection Podcast .003: Top Gun

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report produced with VDC Research entitled “Skyrocketing Costs of Aerospace & Defense Systems Failure Fuel […]

Posted in Embedded Software Testing, Software Architecture and Design, Software Security Testing

What are the attributes of secure web application architecture?

Web application architecture typically covers the basic rendering and return of information to a client, usually on a web browser. Behind the scenes, a web application will draw upon many distinct layers. These may include servers used for presentation, business, and data. There are different architectures consisting of different layering strategies depending upon the need. […]

Posted in Security Architecture, Software Architecture and Design, Web Application Security

Gary McGraw’s Shmoocon keynote recaps security career with advice

Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghessan Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over McGraw’s more than 21 years in software security. It also reflects his many interests. Watch the […]

Posted in Security Conference or Event, Security Metrics, Security Training, Software Architecture and Design, Software Development Life Cycle (SDLC), Software Security Program Development

4 principles of secure software design

Secure software design sounds like a pretty concrete concept, right? The software is either secure or it’s not. If only it were that simple. Software design and development is evolving at an amazing rate. That’s why it’s critically important to stay on top of the security measures protecting each piece of software. Here are four […]

Posted in Software Architecture and Design

4 threat modeling questions to ask before your next Agile sprint

Creating a threat model for a moderately complex application can take several weeks and requires a certain level of software security expertise. Just because you’re following an Agile development methodology doesn’t mean that you can ignore potential flaws in the design of the application. The way in which you look for those flaws may need […]

Posted in Agile Methodology, Software Architecture and Design, Threat Modeling

Improving applications with secure software design

An often overlooked aspect of software development is secure software design. With rapidly changing technologies, tight release schedules, and sloppy architecting to begin with, finding a securely designed application is too rare of an occurrence. Additionally, the application security community has not done a great job at providing meaningful guidance around secure software design. Fortunately, […]

Posted in Software Architecture and Design

3 security risks that architecture analysis can resolve

Verizon performs an annual assessment of a large sample of breaches and attacks that take place all over the world and analyzes the most common problems and key areas which lead to major attacks. In this article, we discuss three specific security incident patterns from Verizon’s report and how architecture analysis assessments can help organizations […]

Posted in Software Architecture and Design, Software Development Life Cycle (SDLC), Software Security Testing, Web Application Security

Understanding architecture analysis and secure design review

So you understand the difference between bugs and flaws and that the defect universe is roughly a 50/50 split of bugs and flaws. Awesome! (If you don’t yet understand the difference, here’s a great read about software flaws in application architecture that will explain it.) You’ve also decided you want to start actively doing some […]

Posted in Penetration Testing, Software Architecture and Design, Software Security Testing

How does IEEE help protect against software development design flaws?

One of the main focuses of the software security industry is ensuring that all code is clear of bugs. But this is only half of the problem. The other half is the design flaws in the application’s coding, which can be avoided in the earlier stages. Examples of this include forgetting to authenticate the […]

Posted in Security Conference or Event, Software Architecture and Design, Vulnerability Assessment