OWASP Top 10 – SQL Injection

As of my last article on XSS, the OWASP organization has released a new Top 10 for 2010 and has placed injection attacks in the number 1 spot. Now that XSS and SQL injection flaws have flipped spots, I will continue the article series using the new Top 10 list. You can find the new OWASP Top 10 […]

Read more
OWASP Top 10 – Cross-Site Scripting (XSS)

In my introductory article, I discussed explaining each vulnerability in the OWASP Top 10 for you. The first on the list is Cross-Site Scripting (XSS). Websites today are very advanced and they contain lots of dynamic content. Dynamic content is information on a web site that is generated on the fly. Dynamic content is usually seen on forums, […]

Read more
Three Questions Developers Need To Ask

While performing software security assessments I have all too often run into developers that are constantly trying to explain away vulnerability findings. They spend way too much time trying to justify the code they have written and explain why it doesn’t need to be changed. All kinds of reasons are given. For example, the access […]

Read more
Web Application Security: OWASP Top 10

The Open Web Application Security Project (OWASP) is a worldwide community focusing on improving the security of web applications. One project developed by OWASP is the OWASP Top 10, which is a list of the most serious web application vulnerabilities. Obviously, there are innumerable ways to hack a web application but this list contains the most common and […]

Read more
We want your feedback for SecureCI!

Do you have ideas for the next version of SecureCI? Is some tool or feature missing that would make the product better? Something we could have done differently that would make it more useful? We’ve set up a forum at uservoice to make it easy for you to give us feedback. Whether it is a suggestion, new […]

Read more
Code Analysis with PMD

PMD is a static code analysis tool that examines Java source files and can detect potential problems such as code style issues, code defects, race conditions and even security holes. It provides an inexpensive way to avoid the tedium of repeatedly reviewing a large code base. PMD can also find other types of problems, such as, dead […]

Read more
Hey, Project Manager, Time To Refactor!

If your software is becoming unwieldy, inflexible or inelegant, a good place to start exploring for improvements is in the level of refactoring that is being performed on the code on a day-to-day basis. As a project manager, I learned some key patterns of behavior that served as sure signs that not enough refactoring was […]

Read more
Introducing SecureCI

SecureCI is an open-source continuous integration solution. We’ve assembled a number of open-source tools that we use, installed them in a VMware image and configured them to work together. SecureCI is packaged as a virtual machine that can be run with the VMware Player that way you can be up and running in minutes without […]

Read more
Coveros Releases SecureCI Software Product

Open Source Continuous Integration Product Lowers the Cost of Delivering Secure Software Herndon, Va., September 3, 2009 — Coveros, Inc., a company that helps organizations accelerate the delivery of secure, reliable software, today announced the release of its first secure software development product, SecureCITM. SecureCI provides organizations with an integrated suite of open source tools […]

Read more
Three Preparations For A Software Security Assessment

If your development group or organization has an upcoming software security assessment scheduled here are three things to think about while making your preparations. Assets (Dependencies) – Be sure that you have all application assets together that are needed to build the application. If the assessment will be done in your test/development area then this will […]

Read more
X