Posted by Chris Wysopal in RESEARCH, February 25, 2011
Technical Debt
Architects and developers are well aware of the term technical debt but many in the security community have never heard of this concept. Ward Cunningham, a programmer who developed the first wiki program, describes it like this:
Shipping first time code is like going into debt. A little debt speeds development so long as it is paid back promptly with a rewrite… The danger occurs when the debt is not repaid. Every minute spent on not-quite-right code counts as interest on that debt. Entire engineering organizations can be brought to a stand-still under the debt load of an unconsolidated …
Posted by Isaac Dawson in RESEARCH, February 22, 2011
As a web developer you’re always told you need to keep up to date on the latest and greatest technologies. Usually this is for creating applications which can take advantage of new technologies to deliver a better experience to your users. However, I think there is another angle to this, in particular: Code Rot. Code rot is basically where code becomes ignored or neglected, or the environment in which it operates evolves and changes into something that was not foreseen when the code was originally created. In some cases code rot can lead to vulnerabilities.
I like to consider myself a “web …
Posted by Chris Eng in RESEARCH, February 22, 2011
The 3rd Annual Social Security Blogger Awards were announced last week during the RSA Conference in San Francisco. Veracode received two awards, one for Best Corporate Blog and the other for Best Security Blog Post of the Year. Here is a list of all the nominees and the award winners. It’s always an honor to be recognized by peers, so on behalf of all the Veracode bloggers, thank you for reading — and for your votes!
Posted by Fergal Glynn in INFOGRAPHICS, February 2, 2011
In the News of the World infographic, Veracode examines the scandal’s key players and shows a timeline of incredible events that involve a “who’s who” of the rich and famous. It also summarizes some of the techniques News of the World reporters used to pull off nefarious schemes, including bribery, cracking insecure passwords, caller ID spoofing and social engineering.
