The Top 10 Mobile Application Risks, or “Mobile App Top 10” for short, is designed to educate developers and security professionals about the mobile application behavior that puts users at risk. This behavior can be maliciously designed or inadvertent. Modern mobile applications run on mobile…

Gartner analyst Neil MacDonald has written that Byte Code Analysis is not the Same as Binary Analysis. He describes the difference between statically analyzing binary code, which runs on an x86, ARM, or SPARC CPU, and statically analyzing bytecode, which runs on a virtual machine such as the Java…

Today is a very exciting day for software security. The CWE/SANS Top 25 Most Dangerous Programming Errors is being released. I was one of the 41 contributors to the Top 25 Errors. The list of possible programming errors that can end up causing a vulnerability in an application is immense. The MITRE…

A lot of the focus of the MBTA vs MIT case has been discussion of the CharlieCards. These are MiFare classic cards which have been known to be broken earlier this year. There is also a paper disposable card called the CharlieTicket that uses a magnetic stripe. The MIT students presentation states…

There has been some talk in the press lately about backdoors due to the recent court case where it was disclosed that federal agents planted a keystroke logger on a suspect’s computer using a trojan program. Many of the articles don’t report on the court case but raise the question as Declan…