-
Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference
Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference. Tutorial
-
Sandboxing for secure app development: Adobe Reader’s ‘protected mode’
As sandboxing emerges as an answer to legacy codebases with multiple vulnerabilities, we dissect Adobe Reader X’s sandbox to understand how sandboxing works. Tutorial
-
Exploit writing tutorial: Part 1
In the first part of our exploit writing tutorial, we take a look at the fine art of vulnerability discovery, fuzzing and usable techniques. Tutorial
-
Burp Suite Tutorial: Part 2 – Intruder and repeater tools
Our Burp Suite tutorial’s second part covers intruder and repeater. Use this Burp Suite tutorial to customize attacks on Web apps via SQLi and XSS bugs. Tutorial
-
Burp Suite Guide: Part I – Basic tools
Our Burp Suite guide series explains how to use Burp Suite for security testing of Web apps. For a start, we look at proxy, spider, site scope and sitemap. Tutorial
-
VMware downplays ESX hypervisor source code leak
The company says source code was leaked online, but that the leak may not mean increased risk. News | 25 Apr 2012
-
Hunting for application logic flaws requires people, expert says
Rafal Los, a software security expert and consultant with Hewlett Packard, says humans far outgun automated tools in the hunt for costly application logic flaws. News | 10 Apr 2012
-
Web browser attacks aimed at plug-ins despite rise in flaws, IBM finds
An IBM report found a slight increase in browser-based vulnerabilities, but security features are driving attackers to target components rather than the browser itself. News | 28 Mar 2012
-
Dangerous Microsoft RDP vulnerabilities repaired in Patch Tuesday
Vulnerability experts call the Microsoft Remote Desktop Protocol flaws dangerous and say they should be quickly addressed by patching admins. News | 13 Mar 2012
-
Research into cryptographic system limitations crucial, RSA panel says
Researchers testing some of the most relied upon cryptographic algorithms are making progress in breaking them, according to experts on the 2012 RSA Conference Cryptographer’s Panel. News | 28 Feb 2012
-
Security startups to unveil new security technology at RSA 2012
One firm will leave RSA 2012 with the “Most Innovative” title, but industry experts say they all contribute in bringing the security industry up to par with sophisticated malware and hacking techniques. News | 16 Feb 2012
-
Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6. News | 03 Feb 2012
-
Adobe makes pitch for defensive security research to cripple exploit writing
Adobe security and privacy director Brad Arkin urges the security industry to develop technologies that make exploit writing costly. News | 03 Feb 2012
-
Symantec source code theft: Current products are safe, vendor says
The leak affected Symantec’s endpoint protection and corporate antivirus software. Symantec recommends customers ensure their products are up to date. News | 06 Jan 2012
-
Google tosses malicious Android apps from Android Market
A developer uploaded more than a dozen cloned games, wrapping them in code that caused device owners to accrue expensive text messaging charges to premium numbers. News | 13 Dec 2011
-
Sslstrip tutorial for penetration testers
Sslstrip is a powerful tool to extract sensitive credentials using HTTPS stripping. This sslstrip tutorial explains the working of sslstrip in-depth. Tip
-
Cyber security threats: Will your enterprise be the next victim?
The old cyber security model is crumbling in the face of new, advanced cyber security threats. A paradigm shift in the approach to cyber security is crucial. Tip
-
Web application security guidelines for developers
The best way to mitigate Web app flaws is to prevent them in the first place. Learn how with these Web application security guidelines for developers. Tip
-
Application security best practices for the cable industry
Application security and data privacy are grave concerns in the cable sector. Here’s a look at major application security threats and mitigation measures. Tip
-
Secure software development lifecycle: An approach for SMBs
Small businesses that lack the resources to implement the full MSDL can use its basic tenets to provide more secure software development. Tip
-
Secure SDLC best practices
While focus on technicalities is a given during the SDLC, this tip explains how to secure the SDLC, from the analysis phase right through to deployment. Tip
-
Application security hardening for mobile and embedded software
This tip discusses application hardening tools and the use of obfuscation. Industry analysts talk about security trends with mobile devices and advise organizations to pay close attention to application security in order to protect their IPs. Tip
-
Virtual security: New attack vectors, new ballgame
With physical security, you don't have to consider breaches of virtual machines, utilities or virtual disk files. But virtualization creates new security risks and vulnerabilities. Tip
-
Essentials for effective Web application security assessment
A successful Web application security assessment requires more than just an adept auditor. Our expert column’s second part takes you through the criteria. Tip
-
Effective Web application security risk assessment in 12 steps
In the first part of this tip, we explore six of the 12 crucial components required to conduct a satisfactory Web application security assessment. Tip
-
Should static analysis be a part of the software development process?
When the cost of addressing security issues increases as the software design lifecycle proceeds, see why expert Michael Cobb says that using static analysis early on can benefit your bottom line. Ask the Expert
-
How can quality assurance tools aid software development?
There are an increasing number of tools aimed at improving software quality control and assurance, and they can certainly play a role in producing higher quality software. In this expert Q&A, Michael Cobb explains why the QA products may not be worth... Ask the Expert
-
How can gap analysis be applied to the security SDLC?
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis into software development, and how it can help stop data leaks at your enterprise. Ask the Expert
-
Which automated quality assurance tools can be used to test software?
If your application development process is not yet addressing security at all six phases of the lifecycle, now is the time to start. Application security expert Michael Cobb explains which quality assurance tools can help. Ask the Expert
-
NASSCOM (National Association of Software and Services Companies)
The National Association of Software and Services Companies (NASSCOM) is a not-for-profit Indian consortium created to promote the development of the country's IT (information technology) and business process outsourcing (BPO) industries. Definition
-
Data Security Council of India (DSCI)
The Data Security Council of India (DSCI) is a not-for-profit organization created to promote the country as a secure destination for information technology (IT) outsourcing. DSCI was founded by NASSCOM, an Indian IT-BPO (business process outsourcing... Definition
-
Sandboxing for secure app development: Adobe Reader’s 'protected view'
As sandboxing emerges as an answer to legacy codebases with multiple vulnerabilities, we look at the components of Adobe Reader X’s sandbox. Photo Story
-
Metasploit and software vulnerability testing
Metasploit is a free tool that can be used to pen test for new and potentially damaging vulnerabilities. In this interview, H.D. Moore, creator of Metasploit, explains how the tool works and what it can contribute to software security. Video
-
Software security threats and employee awareness training
What are the newest threats to enterprise networks, and how can you subvert these emerging security threats? Greg Hoglund, CEO of HBGary and creator of the first rootkit, answers these questions. Video
-
The importance of secure software development training
At Information Security Decisions 2008, security researchers discuss secure application coding and how to teach best practices to young developers (part 4 of 4). Video
-
Gary McGraw on secure software development
Gary McGraw of Cigital Inc. explains why better secure coding could help thwart future Web 2.0 attacks. He says the industry is making progress. Video
About Secure application development and coding techniques
Generate secure code for your business applications with our comprehensive secure coding resources. Secure source code with application coding best practices. Ensure that your developers are writing secure code. Find all these and more secure coding best practices here.