- Minding Your P's: Points to Ponder When Implementing Information Security Controls
- Apr 23, 2013
- Information security expert Randy Nash explains the relevant parameters that are important in finding the right balance between security and ease of policy implementation.
|
- Secure By Design? Techniques and Frameworks You Need to Know for Secure Application Development
- Dec 19, 2012
- What do you know about developing secure robust software? Randy Nash discusses several available techniques and frameworks for secure application development.
|
- An Insider's Look into the 2012 Mid-Atlantic Collegiate Cyber Defense Challenge
- May 15, 2012
- Brad Bowers takes an insider look into the 2012 Mid-Atlantic Collegiate Cyber Defense Challenge, which pits hardened penetration testers against defending college teams in this annual cyber attack-and-defend competition.
|
- Software [In]security: vBSIMM Take Two (BSIMM for Vendors Revised)
- Jan 26, 2012
- Gary McGraw and Sammy Migues introduce a revised, compact version of the BSIMM for vendors called vBSIMM, which can be thought of as a foundational security control for vendor management of third-party software providers.
|
- Software [In]security: BSIMM versus SAFECode and Other Kaiju Cinema
- Dec 26, 2011
- Gary McGraw and Sammy Migues clarify the intended use of the Building Security In Maturity Model (BSIMM) and compare it to the SAFECode Practices methodology.
|
- PKI: Broken, But Fixable
- Nov 30, 2011
- The public key infrastructure (PKI) used for securing the Web has recently been found to be much less secure than was previously thought. David Chisnall discusses some of the flaws in the design and some potential solutions.
|
- Software [In]security: Third-Party Software and Security
- Nov 30, 2011
- How do you gauge the security of third-party code? A recent security conference examined that question, and Gary McGraw presents the findings in this article.
|
- Software [In]security: Software Security Training
- Oct 31, 2011
- Gary McGraw and Sammy Migues describe how training has changed, provide data showing its importance, and explain why it's important to pick the right training for your organization's needs.
|
- Security Blanket or Security Theater?
- Oct 13, 2011
- This chapter explains how to better identify true threats from accidents and measure your vulnerability to either.
|
- Software [In]security: BSIMM3
- Sep 27, 2011
- BSIMM3 is the third iteration of the Building Security In Maturity Model (BSIMM) project, a tool used as a measuring stick for software security initiatives in the corporate world. Gary McGraw describes the BSIMM3 along with Brian Chess and Sammy Migues.
|
- Software [In]security: Balancing All the Breaking with some Building
- Aug 30, 2011
- Security expert Gary McGraw argues that the software security industry is favoring offense at the expense of defense, and that more proactive defense is needed.
|
- Securing a Web App at the Last Minute
- Jul 26, 2011
- While consumers and the media are increasingly aware of the risks to confidential information over web apps, firms still tend to focus on development, leaving data security until just before the go-live date. Ajay Gupta points out that last-minute steps are available to improve the security of your apps before launching them onto the Internet.
|
- Software [In]security: Software Security Zombies
- Jul 21, 2011
- Software security expert Gary McGraw reviews some of the most important security concepts — before they eat your (network's) brains.
|
- Software [In]security: Partly Cloudy with a Chance of Security
- Jun 17, 2011
- Security expert Gary McGraw provides some issues to consider when it comes to adoption of cloud services and their impact on security in your organization.
|
- Software [In]security: Computer Security and International Norms
- May 30, 2011
- The Obama administration recently released its "International Strategy for Cyberspace" outlining America's ideals and strategies for cyberspace. Security expert Gary McGraw explains why he thinks the document is promising in its effort to make our national goals and policies clear when it comes to cyberspace.
|
- Software [In]security: vBSIMM (BSIMM for Vendors)
- Apr 12, 2011
- How do you ensure that your third-party software vendors practice good software security? Software security expert Gary McGraw explains how the Building Security In Maturity Model can play a central role in this effort.
|
- Software [In]security: Modern Malware
- Mar 22, 2011
- Software security expert and author Gary McGraw looks at where malware is heading — and what we should do about it.
|
- Software [In]security: Software Patents and Fault Injection
- Feb 28, 2011
- Gary McGraw explains how another party may get a patent on a technique he had a hand in inventing.
|
- Firesheep, Fireshepherd, and Facebook: Understanding Session Hijacking
- Feb 22, 2011
- Mike Chapple shows you how web authentication makes session hijacking possible, how Firesheep exploits these vulnerabilities, and the measures that website administrators, web developers, and end users can take to protect against session hijacking attacks.
|
- Encryption 101: Keys, Algorithms and You
- Feb 15, 2011
- Mike Chapple shows how to protect confidential information via encryption, and teaches the basics when it comes to selecting an encryption technology.
|