Software Integrity

Archive for the 'Security Risk Assessment' Category

Does Software Quality Equal Software Security? It Depends.

Software quality and security assurance both concern risk to the organization, but they do so for different reasons. Risk might be mission critical such as software on a scientific robot crawling another planet. Or risk might be associated with sensitive financial information. In the first example the integrity of the software is paramount; it is […]

Posted in Code Review, CWE/SANS, Secure Coding Guidelines, Security Risk Assessment, Software Composition Analysis, Software Security Testing, Vulnerability Assessment | No Comments »

How to Create Clean Images for Corporate Hardware

Planning an IT initiative can present many challenges, one of which being the choice of software in the organization’s base computer images. When starting out small, it may make sense to buy machines off the shelf if expansion is not anticipated in the near future. However, choosing to do so often includes unwanted programs that add […]

Posted in Application Security, Dynamic Analysis (DAST), Security Risk Assessment | No Comments »

How to Assess the Risk of Seemingly Correct Software

As the prevalence of software continues to trend upwards with time, a common assumption is that it is becoming more feature-rich and reliable. However, most in the software industry wouldn’t hesitate to point out how difficult it actually is to achieve fully-working software. In fact, when calculating software risk, a key assumption is that it […]

Posted in Security Risk Assessment, Software Security Testing | Comments Off on How to Assess the Risk of Seemingly Correct Software

Embracing the Security Benefits of the Cloud Infrastructure

Originally posted on SecurityWeek. Less than ten minutes driving west from my home, you encounter a vast expanse of large, windowless buildings. Situated near them are impressive physical plants dedicated to cooling these buildings and providing back-up power in the case of a power failure. Whenever I drive past these complexes I always point them […]

Posted in Cloud Security, Security Risk Assessment, Vulnerability Assessment | Comments Off on Embracing the Security Benefits of the Cloud Infrastructure

Checklist: Take Control of Your Risk Management Process

The power of threat modeling is that it makes you think about your system’s specific characteristics. It allows you to gain visibility around weaknesses that pose significant impact to your entire organization. This checklist explores four key ways to use threat modeling to avoid sinkholes in your risk management process. Identify threats that exist […]

Posted in Security Risk Assessment, Software Security Testing, Threat Modeling | Comments Off on Checklist: Take Control of Your Risk Management Process

Do You Believe the 7 Myths of Software Security Best Practices?

There’s no silver bullet for securing software. The reality is that security involves a multi-dimensional approach over an organization’s entire application portfolio. To bring truth to some of the most widespread security misconceptions, we’ve developed the seven myths of software security best practices. These myths explore how software security initiatives should work, and aren’t simply about how to […]

Posted in Maturity Model (BSIMM), Security Risk Assessment, Software Development Life Cycle (SDLC), Software Security Program Development | Comments Off on Do You Believe the 7 Myths of Software Security Best Practices?

Detection Strategies to Unmask the Source of Malicious Code

Let’s imagine you discover a string of suspicious code within one of your applications. Perhaps a routine scan by your application testing team finds a point of interest that indicates malcode, such as a time bomb or backdoor, has been inserted by a malicious insider within your software supply chain. First, you breathe a huge […]

Posted in Security Risk Assessment, Software Security Testing | Comments Off on Detection Strategies to Unmask the Source of Malicious Code