Software Integrity

Archive for the 'Code Review' Category

 

Zeroing in on Zero Days

Earlier this month WikiLeaks announced it had in its possession a cache of zero days allegedly from the Central Intelligence Agency. These unpatched vulnerabilities, it said, could affect Apple and Android devices (including TVs). It is suspected that exploitation of these vulnerabilities could allow the spy agency – or anyone else who knows about them […]

Continue Reading...

Posted in Code Review, Embedded Software Testing, Fuzz Testing, Network Security, Software Security Testing, Static Analysis (SAST) | No Comments »

 

Bug Elimination: Code Scanning, Fuzzing, and Composition Analysis

When it comes to software vulnerabilities, Dr. Jared DeMott knows his stuff. Formerly a vulnerability analyst with the National Security Agency (NSA), Dr. DeMott holds his Phd. from Michigan State University. He has been on three winning DEF CON capture-the-flag (CTF) teams and talks about his vulnerability research at conferences like DerbyCon, BlackHat, ToorCon, GrrCon, […]

Continue Reading...

Posted in Application Security, Code Review, Fuzz Testing, Software Composition Analysis, Software Security Testing, Static Analysis (SAST), Web Application Security | No Comments »

 

Why Secure Code Reviews Matter (and Actually Save Time!)

Modern websites and applications are feature-rich. They provide the user with an intuitive flow through business logic and data. Application developers write these features, rely on their operation, and may even re-use them in their code. Due to rapid, feature-driven development and code sharing, when a vulnerability is introduced in code (and goes undetected) it […]

Continue Reading...

Posted in Code Review, Vulnerability Assessment | Comments Off on Why Secure Code Reviews Matter (and Actually Save Time!)