Secure Software Development

MUST READ New algorithm promises to secure P2P content ARTICLE - Three cryptographers have developed a secure P2P content distribution method without creating bottlenecks, and it could be a significant breakthrough in the encryption arena. Breaking software easier than you think ARTICLE - Whether you create applications or just use them, one way to make a system more secure is to understand how it's being exploited. Software secured with CLASP ARTICLE - New guidelines to bake security into the early stages of software development come just as teams feel the squeeze.

VIDEO: 1 - 1 of 1

	Gary McGraw on secure software development SearchSecurity.com | 29 Jul 2008 VIDEO - Gary McGraw of Cigital Inc. explains why better secure coding could help thwart future Web 2.0 attacks. He says the industry is making progress.

	VIEW ALL VIDEO ON SECURE SOFTWARE DEVELOPMENT

NEWS: 1 - 3 of 86

	Mozilla to release Firefox threat-modeling data SearchSecurity.com | 06 Aug 2008 ARTICLE - Black Hat: The Mozilla Foundation's security chief says it will soon publicly release threat-modeling data for the next version of the Firefox Web browser.

	Software still plagued with security holes, researcher says SearchSecurity.com | 30 Jun 2008 ARTICLE - In this podcast, noted security researcher Greg Hoglund, who specializes in Windows rootkits and secure coding, explains why software is just as vulnerable today as it was in 1999.

	Microsoft tools won't be quick fix for SQL injection attacks SearchSecurity.com | 25 Jun 2008 ARTICLE - Microsoft's security advisory will help raise awareness about secure software coding, but it won't stop the onslaught of SQL injection attacks, experts say.

	VIEW ALL NEWS ON SECURE SOFTWARE DEVELOPMENT

EXPERT TECHNICAL ADVICE: 1 - 3 of 29

SECURE SOFTWARE DEVELOPMENT EXPERTS
			Michael Cobb Founder and Managing Director, Cobweb Applications Ltd. ASK A QUESTION

	Which automated quality assurance tools can be used to test software? 09 Jun 2008 EXPERT ANSWER - If your application development process is not yet addressing security at all six phases of the lifecycle, now is the time to start. Application security expert Michael Cobb explains which quality assurance tools can help.

	Will Cisco's plan to open access to the IOS improve network security? 21 Apr 2008 EXPERT ANSWER - If Cisco's initiative pans out, we're likely to see a number of new network management tools that integrate with IOS. Mike Chapple explains why that centralization will be a security improvement.

	Best practices for using restriction policy whitelists 02 Apr 2008 EXPERT ANSWER - Ed Skoudis discusses which systems should be considered for software restriction policy whitelists, and unveils how whitelisting can improve security.

	VIEW ALL EXPERT TECHNICAL ADVICE ON SECURE SOFTWARE DEVELOPMENT

REFERENCE & LEARNING: 1 - 3 of 10

	Information security book excerpts and reviews SearchSecurity.com | 22 May 2008 INFORMATION SECURITY BOOKSHELF - Visit the Information Security Bookshelf for book reviews and free chapter downloads.

	Attacks targeted to specific applications By Dan Sullivan, Realtimepublishers | 26 Jan 2007 BOOK CHAPTER - This is the fourth tip in our series, "How to assess and mitigate information security threats".

	Architectural Risk Analysis: Traditional Risk Analysis Terminology 06 Feb 2006 BOOK CHAPTER -

	VIEW ALL REFERENCE & LEARNING ON SECURE SOFTWARE DEVELOPMENT

MAGAZINE CONTENT (free subscription required): 1 - 3 of 14

	Product review: Klocwork Insight 8.0 Information Security Magazine | 01 Jun 2008 HOT PICK & PRODUCT REVIEWS - SOFTWARE SECURITY

	Product review: Mu-4000 Security Analyzer Information Security Magazine | 01 Jun 2008 HOT PICK & PRODUCT REVIEWS - SYSTEM/DEVICE TESTING

	Reasearch on Coding Backdoors Presents Ugly Picture Information Security Magazine | 01 May 2008 COLUMNS - Editor's Desk: Backdoor Bedlam

	VIEW ALL MAGAZINE CONTENT ON SECURE SOFTWARE DEVELOPMENT

WEBCASTS: 1 - 3 of 3

	Tools for securing the software development lifecycle - Expert Webcast VIEW WEBCAST PREMIERED:   30 MAR 2006, 09:00 EST (14:00, GMT) SUMMARY:   This webcast will address the key steps of the Software Development Lifecycle, and evaluate common tools and techniques to improve the security of applications.

	CISSP Essentials: Mastering the Common Body of Knowledge -- Class 6, Applications and System Development - Expert Webcast VIEW WEBCAST PREMIERED:   16 DEC 2004, 09:00 EST (14:00, GMT) SUMMARY:   Applications and computer systems are usually developed for functionality first, not security. Listen to this presentation and learn how to build security into every system from the outset.

	Five hidden tactics for secure programming - Expert Webcast VIEW WEBCAST PREMIERED:   28 SEP 2004, 12:00 EDT (16:00, GMT) SUMMARY:   Discover the five fundamental steps of secure code development to help you cost-effectively address the root cause of the biggest security exposures in uncompiled code: design flaws.

	VIEW ALL WEBCASTS ON SECURE SOFTWARE DEVELOPMENT

DEFINITIONS: 1 - 3 of 6

	fuzz testing 12 Dec 2007 WORD - Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system ...

	Common Weakness Enumeration 27 May 2007 WORD - Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software. The dictionary is maintained by the MITRE Corporation and can be accessed free on a worldwide basis. ...

	threat modeling 14 Feb 2006 WORD - Threat modeling is a procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. In this context, a ...

	VIEW ALL DEFINITIONS ON SECURE SOFTWARE DEVELOPMENT

	SEE ALSO - Topics Related to Secure Software Development:  Application Firewalls, Securing Productivity Applications, Database Security, Email Security, Secure IM, Web Security