The problem of standard vulnerability management is well known, Windows patches come out the second Tuesday of every month and then it’s a scramble to figure out which ones have to be applied to which systems and if they...
SQL Injection is a common type of web database related vulnerability. SQL injection is common to web site applications that interact with a database backend. These sites construct SQL commands or queries based on user...
SQL Injection is a common type of web database related vulnerability. SQL injection is common to web site applications that interact with a database backend. These sites construct SQL commands or queries based on user...
SQL Injection is a common type of web database related vulnerability. SQL injection is common to web site applications that interact with a database backend. These sites construct SQL commands or queries based on user...
Here is another article to keep up with the theme of centralizing information security functionality. The security functions that may be centralized effectively are: input and data validation, auditing and logging, and error...
The preferred approach to validating input is to constrain what you allow from the beginning. It is much easier to validate data for known valid types, patterns, and ranges than it is to validate data by looking for known...
It is important that configuration management functionality is accessible only by authorized operators and administrators. A key part is to enforce strong authentication over your administration interfaces, for example, by...
Last week, I grumbled over the fact that a student can graduate with a Computer Science and Software Engineering degree and had zero exposure to software security . Huh? Doesn’t our society and business literally run on...
For years everyone from Mary Ann Davidson (CSO or Oracle) to OWASP to DHS (in their “Build Security In” initiative with SEI) have been bemoaning the fact that our universities do not adequately train software engineering...
When developing an application, it is best to define security objectives and requirements early in the process. Security objectives are goals and constraints that affect the confidentiality, integrity, and availability of...
