Development
Worst languages for software security
- Albert Zenkoff
- 2016-01-19
- Technology, C/C++, Development, Java, languages, misleading, OWASP, philosophy, problem, quality, security promise, vulnerability, web application
I was sent an article about program languages that generate most security bugs in software today. The article seemed to refer to a report by Veracode, a company I know well, to discuss what software security problems are out there in applications written in different languages. That is an excellent question and a very interesting ...
Read More
Passwords and other secrets in source code
- Albert Zenkoff
- 2015-03-30
- Technology, certificates, code scanner, Development, embed, keys, secrets, source code
Secrets are bad. Secrets in source code are an order of magnitude worse. Secrets are difficult to protect. Every attacker goes after the secrets and we must protect our secrets against all of them. The secrets are the valuable part of our software and that’s why they are bad – they represent an area of ...
Read More
Google bots subversion
- Albert Zenkoff
- 2013-11-09
- Technology, application security, attack, bots, Development, firewall, Google, philosophy, secure by design, software, software design, software security, subversion, technology, unexpected
There is a lot of truth in saying that every tool can be used by good and by evil. There is no point in blocking the tools themselves as the attacker will turn to new tools and subvert the very familiar tools in unexpected ways. Now Google crawler bots were turned into such a weapon ...
Read More
Security Assurance vs. Quality Assurance
- Albert Zenkoff
- 2013-10-02
- Management, Development, philosophy, process, Quality Assurance, Security Assurance, software design, software security
It is often debated how Quality assurance relates to Security assurance. I have a slightly unconventional view of the relation between the two. You see, when we talk about the security assurance in software, I view the whole process in my head end to end. And the process runs roughly like this: The designer has ...
Read More
Password recovery mechanisms – Part 3
- Albert Zenkoff
- 2013-05-22
- Technology, advice, captcha, Development, general, guidance, guide, password management, password recovery, passwords, rules, software, software design, user information
Passwords remain the main means of authentication on the internet. People often forget their passwords and then they have to recover their access to the website services through some kind of mechanism. We try to make that so-called “password recovery” simple and automated, of course. There are several ways to do it, all of them ...
Read MorePassword recovery mechanisms – Part 2
- Albert Zenkoff
- 2013-05-21
- Technology, authentication, Development, general, guidance, guide, password database, password management, passwords, rules, secondary channel, software design, user information
Passwords remain the main means of authentication on the internet. People often forget their passwords and then they have to recover their access to the website services through some kind of mechanism. We try to make that so-called “password recovery” simple and automated, of course. There are several ways to do it, all of them ...
Read MorePassword recovery mechanisms – Part 1
- Albert Zenkoff
- 2013-05-21
- Technology, authentication, Development, dumpster diving, general, guidance, password management, passwords, protection, rules, secret questions, security design, software design, user information
Passwords remain the main means of authentication on the internet. People often forget their passwords and then they have to recover their access to the website services through some kind of mechanism. We try to make that so-called “password recovery” simple and automated, of course. There are several ways to do it, all of them ...
Read MoreCoverity reports on Open Source
- Albert Zenkoff
- 2013-05-08
- Management, coverity, Development, management, open source, quality, security scanning, software, source scan, vulnerability report
Coverity is running a source code scan project started by U.S. Department of Homeland Security in 2006, a Net Security article reports. They published their report on quality defects recently pointing out some interesting facts. Coverity is a lot into code quality but they also report security problems. On the other hand, any quality problem ...
Read MoreExodus from Java
- Albert Zenkoff
- 2013-04-09
- Technology, coding techniques, Development, false promise, general, inherent security, Java, languages, programming, secure software, sloppy, technology
Finally the news that I was subconsciously waiting for: the exodus of companies from Java has started. It does not come as a surprise at all. Java has never fulfilled the promises it had at the beginning. It did not provide any of the portability, security and ease of programming. I am only surprised it ...
Read More
SAMATE Reference Dataset
- Albert Zenkoff
- 2013-02-14
- Technology, Data set, Development, SAMATE, security, test, test cases, Tools, vulnerability database
Through the news we can become alerted to many interesting things and one of the recent useful bits is the SAMATE Reference Dataset built by NIST Software Assurance Metrics And Tool Evaluation project. Should you need information on common vulnerabilities test cases, the database has more than 80,000 test cases by now. From the project ...
Read MoreAbout the author
Albert Zenkoff
Managing corporate security in both technical and business sense in the context of long-term business strategy and sustainability.
For security consulting, training, certification and audit mail albert@aruberusan.com.
Share and stay updated
