An on-going theme I see on Security sites is the controversy around ‘Security through Obscurity’ which is generally felt to be a bad thing. So the justification of this tends to be something along the lines of ‘Don’t think that because you’ve not put a great big link to /supersecretfunctionality on the front page of […]
Most of the questions I got after my talk were around how people can look to secure their application. I mentioned a couple of sites and it’s probably worth expanding on the points made. Web Application Security For people looking to understand how to secure their web applications, in my opinion the best source of […]
There’s a post over at the Microsoft %41%43%45%20%54%65%61%6d blog about their new Hello secure world resource. When I saw this I thought I’d go over to the site and take a look around, as Microsoft have released some great information about developer security in the past and it’s an area of interest for me at […]
It’s the time of year for New resolutions, so I was thinking about what security people could do differently to help make 2008 better than 2007 for software security. One thing I came up with. Speak to your purchasing people (if you’ve got some) or anyone else who approves software purchases in your company and […]
Well as is kinda traditional in December various security bloggers have started predicting what 2008 will bring (there’s some interesting thoughts and and links to more predictions here). For my 0.02 of your local currency, I think that next years big topic will be Software Security. A lot of the things we’re seeing happen in […]
ryanlrussell: Vulnerability Pimps Some very interesting commentary which follows on from a posting on Marcus Ranums site here which is in itself very interesting.. All good stuff if your interested in Software security but the piece that caught my eye is right at the end of the comments section I’m hearing from the vulnerability pimps […]
Windows_Vista_Security_Model_Analysis.pdf (application/pdf Object) Symantec’s analysis of the Vista Security Model. Another one to read when I get some time.
Ethical Hacking and Computer Forensics: Fuzzers – The ultimate list Link to a cool list of fuzzers which could be very useful for doing application security reviews.
Security Briefs: Security Enhancements in the .NET Framework 2.0 — MSDN Magazine, Visual Studio 2005 Guided Tour Interesting looking developer-level view of some of the new security related features in .NET 2
Comments: 0