Brogrammer Killed The Requirements Engineering Star

Why is so much software so insecure? You can blame Mark Zuckerberg. No. Really.

Here are a couple of seemingly contradictory facts: we, as an industry, understand much, much more about how to write software securely today than we did ten years ago. And – fact number two: there’s far more insecure software being written today than there was ten years ago. Why?

Wanted: Software S.O.U.P. Nazis

Enterprises are more dependent than ever on S.O.U.P. – software of unknown pedigree. Too often, however, it’s a thin broth, security-wise. Enter the S.O.U.P. Nazi!

Tips for Secure Web Browsing: Cybersecurity 101

Still looking for the right New Year’s Resolution? We’ve got one for you: develop secure web browsing habits. Given the range of threats facing Internet users today, it is critical that users learn to protect themselves while browsing the web. The second post in our “Cybersecurity 101” series offers our recommendations for browsing the Internet safely.

Understanding Functionality in Dynamic Scanning

For our dynamic scanning customers, our goal, in addition to delivering a high-quality report of your code’s vulnerabilities, is to perform these scans as quickly and efficiently as we can. A variety of metaphorical bumps in the road can occur; in this post we will focus on one we’ve seen quite a bit lately. The problem arises when our dynamic scanner hits a wall in the form of a [Java applet/Flash-based form/ActiveX] or any function that is non-DOM-based, in other words, Non-Standard Authentication. Our dynamic scanner is built to find flaws in DOM-based programs, and if we hit these types of walls it can adversely affect our ability to complete your scans in a timely fashion.

The Security Ledger Officially Launches

Paul Roberts has just officially launched his latest project in the form of IT security news site The Security Ledger. A regular contributor to the Veracode blog and former editor of Threatpost, Paul is a well-known and respected name in infosec journalism. The Security Ledger describes itself as –
