Once in a while we developers come across a security bug ticket assigned to us. Some of these bugs result from dynamic efforts, where tests are executed against the running application, whereas others result from static efforts, where tests are executed against the code at rest. Whatever the origin, security bugs, like ordinary bugs, are best handled with the following actions in mind...
What would I, as a humble programmer, do when faced with a pesky programming bug I don't know how to deal with, or a technique I'm not aware of, such as parsing XML in Java?
With great pleasure we announce that AttackFlow now has a new corporate website and an Enterprise Edition. With an increasing solution portfolio and knowledge base, the website is full of new information. The Finding Knowledge Base now includes Java, .NET and Android related finding know-how, with more indicators such as Trust Level and Fix Cost.
More importantly, AttackFlow now has a new Enterprise Edition in which security auditors can easily analyze their source code portfolio against various critical vulnerabilities. So go ahead and give it a try by downloading your time-limited but full copy of AttackFlow now!
Changing the way a developer codes is a hard task, if not impossible. However, being able to write secure code requires both a mental shift and a change in coding behavior. Using tools is an important step towards producing secure software; however, raising the security consciousness of the developers in your team or presenting them with invaluable security findings may not be enough to reach that goal. More actions should be taken.
Validating input is the number one protection mechanism that can prevent a plethora of attacks. However, what exactly is input validation? How and where should it be applied? Are there any pitfalls, or will any input validation technique work? These are all valid questions that directly affect the security of your application.
Today there are many effective software production methodologies; however, in its very essence software development is a cycle that takes time. Software produced without a proper security mentality breaks in the hands of an average hacker, resulting in devastating costs.
Software is a complex piece of technology at the very heart of our lives, from health to entertainment, from finance to connectivity. No doubt security should be an integral part of this technology. As history incessantly reveals, malicious intentions against services are not new, and software open to the whole Internet is no exception. Software products are constant and increasing targets for activists, organized or unorganized hackers, script kiddies, bug hunters and even governments.
An anti-pattern is a common response to a recurring problem that is usually ineffective and risks being highly counterproductive. In short, anti-patterns are commonly reinvented but bad solutions to problems.