There is a sad reality in the software world that developer education and training not only neglect software security, but often teach developers the wrong activities to secure it. This ranges from the ‘get it to work and move on’ habit to insecure code samples in the tutorials and forums we all use when learning new […]
Continue Reading...
Posted in Secure Coding Guidelines, Security Training, Web Application Security | Comments Off on Insecure example code leads to insecure production code
Software developers and information security professionals have almost always been two mutually exclusive groups. However, with the increase in security awareness, developers have started integrating security into the development process. To further bridge the gap between development and security, it is essential for developers to have a good understanding of security principles. In this post, […]
Continue Reading...
Posted in Application Security, Security Training, Software Security Testing, Vulnerability Assessment | Comments Off on Security topics every software developer should know
Synopsys Principal Security Consultant, Ksenia Dmitrieva-Peguero, recently posed the question at the information security conference, Securi-Tay: How secure is AngularJS? With seven years of experience in the AppSec space, and five years of software development experience, Ksenia’s current concentration centers on the analysis of JavaScript frameworks–researching their security implications, vulnerability discovery, and remediation. In her latest […]
Continue Reading...
Posted in Application Security, Security Conference or Event, Security Training, Vulnerability Assessment | Comments Off on How secure is AngularJS?
We’re excited to announce a new addition to our eLearning library: Attack & Defense. What’s this course all about? Web applications are becoming an increasingly high-value target for hackers looking to make a quick buck, damage reputations, or just boost their “street cred.” There is no shortage of publicly known attack tools and techniques, and software developers are outnumbered at the […]
Continue Reading...
Posted in Security Training, Web Application Security | Comments Off on Hands-on strategies to counter common web application attacks
Originally posted on SecurityWeek. For far too long software security has been comprised of a curious bifurcation of roles. Developers develop and IT security testers test for security issues. Fortunately, a confluence of circumstances has forced a recalibration of the developer’s role in software security. In fact, I think we are about to see a new […]
Continue Reading...
Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Program Development, Static Analysis (SAST) | Comments Off on Moving beyond ‘moving left’: The case for developer enablement
HTML5 is the fifth revision of the HTML standard. HTML5 and its integration with JavaScript introduce new security risks that require careful consideration when writing web front-end code. Modern web-based software, including mobile web front-end applications, make heavy use of innovative JavaScript and HTML5 browser support to deliver advanced user experiences. Front-end developers focus their […]
Continue Reading...
Posted in Secure Coding Guidelines, Security Training | Comments Off on Learn defensive programming for HTML5 in a day
Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghassen Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over McGraw’s more than 21 years in software security. It also reflects his many interests. Watch the […]
Continue Reading...
Posted in Security Conference or Event, Security Metrics, Security Training, Software Architecture and Design, Software Development Life Cycle (SDLC), Software Security Program Development | Comments Off on Gary McGraw’s Shmoocon keynote recaps security career with advice
While it is a common misnomer that many firms rely on, it’s never a good security strategy to simply buy the latest security tool and call it a day. Your organization may need to invest in focused employee education and tool deployment before seeing a return on investment. Software security isn’t simply plug and play. […]
Continue Reading...
Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Testing | Comments Off on Are you following the top 10 software security best practices?
Most developers focus their day-to-day thought processes on building software rather than breaking it. Meanwhile, organizations face growing and evolving threats against their digital assets and infrastructure. That’s why it’s critically important for security operations and development teams to think defensively. Thinking of any and every possible attack is what red teaming is all about. A […]
Continue Reading...
Posted in Red Teaming, Security Training | Comments Off on Think like an attacker during 2-day red team workshop
We’re excited to announce a new addition to our eLearning library: OpenID Connect Purpose and Security. OpenID Connect has become an industry-leading standard for user identification. If you’ve ever logged into a service using your Google or Twitter credentials then you’ve used OpenID Connect. When implemented properly, OpenID Connect is a reliable and secure solution […]
Continue Reading...
Posted in Security Training | Comments Off on Learn how OpenID Connect works and how to implement it securely