-
Static code analysis tools gain traction in India as SDL models mature
Static analysis tools are gaining popularity with Indian companies as software development models and perspectives mature. Here are some popular choices. Feature
-
Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference
Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference. Tutorial
-
Sandboxing for secure app development: Adobe Reader’s ‘protected mode’
As sandboxing emerges as an answer to legacy codebases with multiple vulnerabilities, we dissect Adobe Reader X’s sandbox to understand how sandboxing works. Tutorial
-
Exploit writing tutorial: Part 1
In the first part of our exploit writing tutorial, we take a look at the fine art of vulnerability discovery, fuzzing and usable techniques. Tutorial
-
Burp Suite Tutorial: Part 2 – Intruder and repeater tools
Our Burp Suite tutorial’s second part covers intruder and repeater. Use this Burp Suite tutorial to customize attacks on Web apps via SQLi and XSS bugs. Tutorial
-
Burp Suite Guide: Part I – Basic tools
Our Burp Suite guide series explains how to use Burp Suite for security testing of Web apps. For a start, we look at proxy, spider, site scope and sitemap. Tutorial
-
Web app design at the core of coding weaknesses, attacks, says expert
When addressing Web application threats and vulnerabilities, security teams need to look out for design flaws, says Mike Shema of Qualys, Inc. News | 16 Oct 2012
-
Apple's AuthenTec purchase may pave way for iOS biometrics
In addition to fingerprint technology, AuthenTec provides mobile security software licenses. One of its customers is Samsung, a main rival of Apple's. News | 27 Jul 2012
-
Android Malware Genome Project aims to nurture mobile security research
Project will share data on malware targeting the Android platform. It has collected 1,200 Android malware samples. News | 23 May 2012
-
VMware downplays ESX hypervisor source code leak
Company says source code was leaked online but says may not mean increased risk. News | 25 Apr 2012
-
Hunting for application logic flaws requires people, expert says
Rafal Los, a software security expert and consultant with Hewlett Packard, says humans far outgun automated tools in the hunt for costly application logic flaws. News | 10 Apr 2012
-
Web browser attacks aimed at plug-ins despite rise in flaws, IBM finds
An IBM report found a slight increase in browser-based vulnerabilities, but security features are driving attackers to target components rather than the browser itself. News | 28 Mar 2012
-
Dangerous Microsoft RDP vulnerabilities repaired in Patch Tuesday
Vulnerability experts call the Microsoft Remote Desktop Protocol flaws dangerous and say they should be quickly addressed by patching admins. News | 13 Mar 2012
-
Research into cryptographic system limitations crucial, RSA panel says
Researchers testing some of the most relied upon cryptographic algorithms are making progress in breaking them, according to experts on the 2012 RSA Conference Cryptographer’s Panel. News | 28 Feb 2012
-
Security startups to unveil new security technology at RSA 2012
One firm will leave RSA 2012 with the “Most Innovative” title, but industry experts say they all contribute in bringing the security industry up to par with sophisticated malware and hacking techniques. News | 16 Feb 2012
-
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. News | 03 Feb 2012
-
Using ESAPI to fix XSS in your Java code
Customized validation routines are the norm in Indian organizations for fixing vulnerabilities. OWASP’s ESAPI framework may prove to be a better option. Tip
-
Vulnerabilities in JavaScript: Secure coding insights and tips
JavaScript vulnerabilities are on the rise in India with the entry of HTML5 and faster JavaScript engines. Here are some key problem areas along with antidotes. Tip
-
Intro: How big data benefits enterprise information security posture
Andrew Hutchison explains how big data benefits enterprise information security posture by merging the security and operational data landscape. Tip
-
Why static code analysis’ benefits go beyond mere VA/PT
While everyone has joined the VA/PT bandwagon, few Indian organizations consider static code analysis viable. We look at where static code analysis scores. Tip
-
Mobile application security issues and threat vectors in enterprises
As mobile application security threats take on serious proportions, we explore the issues and risks involved for users and enterprises. Tip
-
Cloud computing architecture security part 1: Physical and intrinsic controls
Proper design of cloud computing architecture is essential for security. Learn about the physical and intrinsic controls for effective cloud architecture. Tip
-
Comparing enterprise data anonymization techniques
Compare data anonymization techniques including encryption, substitution, shuffling, number and data variance and nulling out data. Tip
-
How can you prevent LinkedIn type of attacks on your business?
Blackhats recently made 6.5 Million LinkedIn password hashes public. A look at what went wrong, and defense options like salted hashes and key stretching. Tip
-
Analysis: Vast IPv6 address space actually enables IPv6 attacks
For World IPv6 Launch Day 2012, Fernando Gont covers why common ways of generating IPv6 addresses actually make an attacker’s job easier. Tip
-
Sslstrip tutorial for penetration testers
Sslstrip is a powerful tool to extract sensitive credentials using HTTPS stripping. This sslstrip tutorial explains the working of sslstrip in-depth. Tip
-
Mobile apps development: New threats or same security rules apply?
Two security experts get up on their soap box about the steps software teams should take to secure applications throughout the apps' lifecycle. Answer
-
Should static analysis be a part of the software development process?
When the cost of addressing security issues increases as the software design lifecycle proceeds, see why expert Michael Cobb says that using static analysis early on can benefit your bottom line. Ask the Expert
-
How can quality assurance tools aid software development?
There are an increasing number of tools aimed at improving software quality control and assurance, and they can certainly play a role in producing higher quality software. In this expert Q&A, Michael Cobb explains why the QA products may not be worth... Ask the Expert
-
How can gap analysis be applied to the security SDLC?
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis into software development, and how it can help stop data leaks at your enterprise. Ask the Expert
-
Which automated quality assurance tools can be used to test software?
If your application development process is not yet addressing security at all six phases of the lifecycle, now is the time to start. Application security expert Michael Cobb explains which quality assurance tools can help. Ask the Expert
-
NASSCOM (National Association of Software and Services Companies)
The National Association of Software and Services Companies (NASSCOM) is a not-for-profit Indian consortium created to promote the development of the country's IT (information technology) and business process outsourcing (BPO) industries. Definition
-
Data Security Council of India (DSCI)
The Data Security Council of India (DSCI) is a not-for-profit organization created to promote the country as a secure destination for information technology (IT) outsourcing. DSCI was founded by NASSCOM, an Indian IT-BPO (business process outsourcing... Definition
-
Sandboxing for secure app development: Adobe Reader’s 'protected view'
As sandboxing emerges as an answer to legacy codebases with multiple vulnerabilities, we look at the components of Adobe Reader X’s sandbox. Photo Story
-
Metasploit and software vulnerability testing
Metasploit is a free tool that can be used to pen test for new and potentially damaging vulnerabilities. In this interview, H.D. Moore, creator of Metasploit, explains how the tool works and what it can contribute to software security. Video
-
Software security threats and employee awareness training
What are the newest threats to enterprise networks, and how can you subvert these emerging security threats? Greg Hoglund, CEO of HBGary and creator of the first rootkit, answers these questions. Video
-
The importance of secure software development training
At Information Security Decisions 2008, security researchers discuss secure application coding and how to teach best practices to young developers (part 4 of 4). Video
-
Gary McGraw on secure software development
Gary McGraw of Cigital Inc. explains why better secure coding could help thwart future Web 2.0 attacks. He says the industry is making progress. Video
-
Mobile apps development: New threats or same security rules apply?
Two security experts get up on their soap box about the steps software teams should take to secure applications throughout the apps' lifecycle. Answer
-
Using ESAPI to fix XSS in your Java code
Customized validation routines are the norm in Indian organizations for fixing vulnerabilities. OWASP’s ESAPI framework may prove to be a better option. Tip
-
Web app design at the core of coding weaknesses, attacks, says expert
When addressing Web application threats and vulnerabilities, security teams need to look out for design flaws, says Mike Shema of Qualys, Inc. News
-
Vulnerabilities in JavaScript: Secure coding insights and tips
JavaScript vulnerabilities are on the rise in India with the entry of HTML5 and faster JavaScript engines. Here are some key problem areas along with antidotes. Tip
-
Static code analysis tools gain traction in India as SDL models mature
Static analysis tools are gaining popularity with Indian companies as software development models and perspectives mature. Here are some popular choices. Feature
-
Intro: How big data benefits enterprise information security posture
Andrew Hutchison explains how big data benefits enterprise information security posture by merging the security and operational data landscape. Tip
-
Why static code analysis’ benefits go beyond mere VA/PT
While everyone has joined the VA/PT bandwagon, few Indian organizations consider static code analysis viable. We look at where static code analysis scores. Tip
-
Mobile application security issues and threat vectors in enterprises
As mobile application security threats take on serious proportions, we explore the issues and risks involved for users and enterprises. Tip
-
Apple's AuthenTec purchase may pave way for iOS biometrics
In addition to fingerprint technology, AuthenTec provides mobile security software licenses. One of its customers is Samsung, a main rival of Apple's. News
-
Cloud computing architecture security part 1: Physical and intrinsic controls
Proper design of cloud computing architecture is essential for security. Learn about the physical and intrinsic controls for effective cloud architecture. Tip
About Secure application development and coding techniques
Generate secure code for your business applications with our comprehensive secure coding resources. Secure source code with application coding best practices. Ensure that your developers are writing secure code. Find all these and more secure coding best practices here.