Blog Posts Tagged with "Testing"


Understanding DevOps vs NoOps

April 14, 2012 Added by:Rafal Los

DevOps represents a fundamental shift in how applications are being delivered to the new 'web' via cloud, mobile and other channels. NoOps, as some understand it, effectively spells the end of the formal silos built around development, operations and quality testing teams...

Comments  (0)


Demystifying Binary Static Analysis

March 30, 2012 Added by:Fergal Glynn

One of my goals in this presentation is to make it clear that there is nothing source code analysis can do that binary analysis can’t. Binary analysis even has benefits over source code analysis. It may seem counter-intuitive, so you will want to see the presentation...

Comments  (0)


Application Security: Why is Everybody Always Picking on Me?

March 19, 2012 Added by:Fergal Glynn

The recent explosion in Mobile application development paints a clear picture of the modern development landscape. Not only in terms of the incredible speed of production, but perhaps more importantly, the widening gap between speed-to-market and software security quality...

Comments  (0)


EFF to European Parliament: Protect Coders’ Rights

March 05, 2012 Added by:Electronic Frontier Foundation

EFF asked Parliament to protect the rights of researchers and whistleblowers. In the course of fixing a problem they could inadvertently violate laws and by reporting a vulnerability researchers could risk exposure to a lawsuit or criminal investigation...

Comments  (1)


A Security Resolution for Developers

February 22, 2012 Added by:Bill Gerneglia

You can’t understand how applications will be attacked if you don’t know how they work. Applications ultimately transmit data and operate on hardware in a network. Developers need to understand protocols, dependencies, communications, encryption, and more...

Comments  (0)


Application Software and Security: A Tale of Two Market Sizes

February 19, 2012 Added by:Fergal Glynn

We spend 0.3% of what we pay for software on ensuring that it is secure. Now you can argue that manual testing is not included. However, even when you account for this variance, the gap in what we spend to buy software and what we spend to secure it is huge...

Comments  (0)


Smart Meter Security Testing

February 15, 2012 Added by:Spencer McIntyre

While reviewing the communication used by a couple of smart meters, it was found that the user did not have to properly authenticate himself to read certain pieces of data and that some data could be written to the device without the use of a proper C12.18 Security Request...

Comments  (0)


Will the Real IT Security Researcher Please Stand Up?

February 12, 2012 Added by:Rafal Los

Most security researchers are comfortable with identifying flaws and racing to be the first to find zero-day vulnerabilities. Is this productive? Isn’t erring human? If that is the case, why is it surprising to find flaws in new software or applications?

Comments  (2)


Wizard-Driven Software Security Testing

July 06, 2011 Added by:Rafal Los

The technology available today for testing your applications is quite complex, but many folks simply want to push the "magic security button" and get fast, accurate results. That's simply impossible, but the requirements continue to demonstrate this want. So what do we do?

Comments  (0)


Think You Can’t Afford Code/App Testing? Think Again...

May 19, 2011 Added by:Brent Huston

Today, you have a plethora of code review automation tools and source code scanners. These tools make an easy way to pick the low hanging (and sometimes higher) vulnerabilities out of your code long before it is exposed to malicious outsider/insider contact...

Comments  (1)


Software Security - Just Over the Horizon

March 31, 2011 Added by:Rafal Los

Things like Cross Site Scripting (XSS), SQL Injection, buffer overflow, access violation, race conditions and other variations are tested for using static analysis, dynamic analysis and some of the forthcoming hybrid technology. As an industry we're getting better at pattern-based security testing...

Comments  (0)


Implementing Complex Systems for Testing Application Logic

March 07, 2011 Added by:Rafal Los

Creating a system or a testing framework which can appropriately enable a previously entirely manual process is tricky - and while fully automating the finding of logic flaws may still be beyond our reach the research and ideas presented herein are steps forward to that direction...

Comments  (0)


Road Map for an Application/Software Security Architect (Part 3)

November 11, 2009 Added by:Stephen Primost

Risk assessments for application software is not a matter of a quick penetration test nor a matter of code reviews at a single point in time. It is a process of moving through the application/solution's Software Development Life Cycle (SDLC) and evaluating the results of the controls that are put in place at each phase. Whether it is waterfall, or agile method, waiting for the end of the final del...

Comments  (0)

Page « < 1 - 2 - 3 > »