Coveros Named Loudoun County 2010 Small Technology Business of the Year

Company Recognized by Loudoun County Chamber of Commerce at Annual Awards Banquet

Fairfax, Va., November 21, 2010 — Coveros, Inc., a company that helps organizations accelerate the delivery of secure and reliable software, today announced its selection as the Small Technology Business of the Year by the Loudoun County Chamber of Commerce. The Loudoun County […]

Duplicate Code Detection with PMD CPD

I’ve previously written about PMD, a static code analysis tool that examines Java source files and can detect potential problems. Another significant piece of PMD is called CPD, the copy/paste detector. CPD can look through Java, JSP, C, C++, Fortran, or PHP source code files and find sections of code that are repeated. By using CPD […]

Building Security In Using Continuous Integration

Coveros recently published an article in the March/April 2010 edition of CrossTalk. The article is entitled “Building Security In Using Continuous Integration.” Building security into software is harder than it should be. This article explores a way to align application security practices with other software development best practices in order to make building security in […]

Coveros Increases 2009 Revenue 135%

13 New Customers Drive Corporate Growth in a Down Economy

Fairfax, Va., February 22, 2010 — Coveros, the market leader in the delivery of secure, reliable software, announced today that it achieved record growth in 2009, increasing revenue 135% over 2008. The company’s success is driven by significant new business growth in both the commercial […]

OWASP Top 10 – SQL Injection

As of my last article on XSS, the OWASP organization has released a new Top 10 for 2010 and has placed injection attacks in the number 1 spot. Now that XSS and SQL injection flaws have flipped spots, I will continue the article series using the new Top 10 list. You can find the new OWASP Top 10 […]

OWASP Top 10 – Cross-Site Scripting (XSS)

In my introductory article, I discussed explaining each vulnerability in the OWASP Top 10 for you. The first on the list is Cross-Site Scripting (XSS). Websites today are very advanced and they contain lots of dynamic content. Dynamic content is information on a web site that is generated on the fly. Dynamic content is usually seen on forums, […]

Three Questions Developers Need To Ask

While performing software security assessments I have all too often run into developers that are constantly trying to explain away vulnerability findings. They spend way too much time trying to justify the code they have written and explain why it doesn’t need to be changed. All kinds of reasons are given. For example, the access […]

Web Application Security: OWASP Top 10

The Open Web Application Security Project (OWASP) is a worldwide community focusing on improving the security of web applications. One project developed by OWASP is the OWASP Top 10, which is a list of the most serious web application vulnerabilities. Obviously, there are innumerable ways to hack a web application but this list contains the most common and […]

Code Analysis with PMD

PMD is a static code analysis tool that examines Java source files and can detect potential problems such as code style issues, code defects, race conditions and even security holes. It provides an inexpensive way to avoid the tedium of repeatedly reviewing a large code base. PMD can also find other types of problems, such as, dead […]

Hey, Project Manager, Time To Refactor!

If your software is becoming unwieldy, inflexible or inelegant, a good place to start exploring for improvements is in the level of refactoring that is being performed on the code on a day-to-day basis. As a project manager, I learned some key patterns of behavior that served as sure signs that not enough refactoring was […]
