
Software Security


124 Items


A Brief History of (Internet) Time: From the Beginnings of Malicious Code to Their Likely Future
By Randy Nash
Jul 21, 2008
Randy Nash looks at the complex relationship between computing power, the growth of the Internet, and the changes in malicious code over time.
Software [In]security: Application Assessment as a Factory
By Gary McGraw
Jul 17, 2008
Gary McGraw explains how creating an application assessment factory can salvage the power of the cost per defect metric while mitigating the potential for its misuse.
Data Theft: How Big a Problem?
By Michael Miller
Jun 30, 2008
Michael Miller discusses how data theft happens, where the data goes, and to what extent it is a problem.
Why Is Security a Software Issue?
By Gary McGraw, Julia H. Allen, Sean Barnum, Robert J. Ellison, Nancy R. Mead
Jun 2, 2008
This chapter discusses why security is increasingly a software problem.
Software [In]security: Securing Web 3.0
By Gary McGraw
May 15, 2008
Gary McGraw warns that we haven't yet solved (or even considered) some of the serious security issues involved with Web 3.0.
Bluetooth Security Risks in Business
By Nico Darrow
May 9, 2008
Nico Darrow tells you how to keep yourself safe from Bluetooth hackers.
Software [In]security: Paying for Secure Software
By Gary McGraw
Apr 7, 2008
Gary McGraw kicks off his new monthly column by showing how the added costs of developing secure software can be more than offset by lower TCO down the road.
The Real Cost of Insecure Software: The Foundation of Civilization
By David Rice
Dec 28, 2007
David Rice discusses the perilous state of software security in this introduction to his book, Geekonomics.
Game Hacking 101
By Gary McGraw, Greg Hoglund
Nov 21, 2007
Gary McGraw and Greg Hoglund discuss techniques to prevent piracy and cheating in online games.
Fuzzing Frameworks
By Adam Greene, Pedram Amini, Michael Sutton
Nov 16, 2007
The authors of Fuzzing explore a number of open source fuzzing frameworks available today, including SPIKE, Autodafé, and GPF.
Preparing for a FISMA Security Audit
By Randy Nash
Nov 16, 2007
How do you prepare for an audit, and what do you do when the findings are issued? Randy Nash examines how to survive the audit gauntlet.
Static Analysis as Part of the Code Review Process
By Brian Chess, Jacob West
Nov 16, 2007
Learn why static analysis tools should be part of your security code review process.
Cyber Warfare: Reality or Box Office Hit?
By Randy Nash
Sep 28, 2007
Randy Nash searches for a working definition of cyber warfare, looks at the historical profile of attacks, and discusses the potential of a devastating electronic Pearl Harbor.
ID Theft: Before and After
By Randy Nash
Sep 21, 2007
Learn how to protect yourself from identity theft.
Is There a Security Problem in Computing?
By Charles P. Pfleeger, Shari Lawrence Pfleeger
Dec 29, 2006
This sample chapter examines what kinds of vulnerabilities computing systems are prone to. It then considers why these vulnerabilities are exploited, who is involved, and how to prevent possible attacks on systems.
Mitigating the Security Risks of SSH
By John Traenkenschuh
Aug 25, 2006
John Tränkenschuh describes ways to create a solid security plan to lessen the unknown factors of SSH security.
SSH Issues: Does Installing SSH Enable More Exploits Than it Solves?
By John Traenkenschuh
May 26, 2006
SSH, the wonder tool of the security set, is misused by your users more easily and more often than you may think. John Traenkenschuh points out how well-intentioned administrators are using SSH to create gaping holes in their own security, and what you can do about it.
The Role of Architectural Risk Analysis in Software Security
By Gary McGraw
Mar 3, 2006
Design flaws account for 50% of security problems. You can’t find design defects by staring at code—a higher-level understanding is required. That’s why architectural risk analysis plays an essential role in any solid software security program. Find out more about architectural risk analysis in this sample chapter.
Measuring the Effectiveness of Application Security Policies
By David Chisnall
Jan 13, 2006
Just because a package has few REPORTED vulnerabilities doesn't mean that it actually HAS few vulnerabilities, nor does that count address the severity of the holes that are reported. In this article, Chisnall argues that the true measure of security is what happens once a vulnerability is found.
Secure Coding in C and C++: Strings
By Robert Seacord
Dec 1, 2005
Strings—such as command-line arguments, environment variables, and console input—are of special concern in secure programming because they comprise most of the data exchanged between an end user and a software system. This chapter covers the security issues with strings and how you can sidestep them.
