Why is so much software so insecure? You can blame Mark Zuckerberg. No. Really.
Here are a couple of seemingly contradictory facts: we, as an industry, understand much, much more about how to write software securely today than we did ten years ago. And – fact number two: there’s far more insecure software being written today than there was ten years ago. Why?
A few days ago DuckDuckGo, the search engine that advocates privacy and opposes tracking of any sort, released an awesome guide for Data Privacy Day. Their guide outlines how to prevent your browser from tracking you in any way possible.
Enterprises are more dependent than ever on S.O.U.P. – software of unknown pedigree. Too often, however, it’s a thin broth, security-wise. Enter the S.O.U.P. Nazi!
Still looking for the right New Year’s Resolution? We’ve got one for you: develop secure web browsing habits. Given the range of threats facing Internet users today, it is critical that users learn to protect themselves while browsing the web. Our second post in our “Cybersecurity 101” series offers our recommendations for browsing the Internet safely.
There’s a lot to dislike in the National Defense Authorization Act (NDAA) if you’re a civil libertarian. But the big, flawed bill that President Obama signed this month has a lot to like when it comes to security.
For our dynamic scanning customers, our goal, in addition to delivering a high-quality report of your code’s vulnerabilities, is to perform these scans as quickly and efficiently as we can. While a variety of metaphorical bumps in the road can occur, in this post we will be focusing on one we’ve seen quite a bit lately. The problem arises when our dynamic scanner hits a wall in the form of a [Java applet/Flash-based form/ActiveX] or any function that is non-DOM-based, in other words, Non-Standard Authentication. Our dynamic scanner is built to find flaws in DOM-based programs, and if we hit these types of walls it can adversely affect our ability to complete your scans in a timely fashion.
Paul Roberts has just officially launched his latest project in the form of IT security news site The Security Ledger. A regular contributor to the Veracode blog and former editor of Threatpost, Paul is a well-known and respected name in infosec journalism. The Security Ledger describes itself as –
Lots of software companies make buggy products. But researchers are finding that software security problems often run in the family.