- A Brief History of (Internet) Time: From the Beginnings of Malicious Code to Their Likely Future (Jul 21, 2008): Randy Nash looks at the complex relationship between computing power, the growth of the Internet, and the changes in malicious code over time.
- Software [In]security: Application Assessment as a Factory (Jul 17, 2008): Gary McGraw explains how creating an application assessment factory can salvage the power of the cost-per-defect metric while mitigating the potential for its misuse.
- Data Theft: How Big a Problem? (Jun 30, 2008): Michael Miller discusses how data theft happens, where the data goes, and to what extent it is a problem.
- Why Is Security a Software Issue? (Jun 2, 2008): This chapter discusses why security is increasingly a software problem.
- Software [In]security: Securing Web 3.0 (May 15, 2008): Gary McGraw warns that we haven't yet solved (or even considered) some of the serious security issues involved with Web 3.0.
- Bluetooth Security Risks in Business (May 9, 2008): Nico Darrow tells you how to keep yourself safe from Bluetooth hackers.
- Software [In]security: Paying for Secure Software (Apr 7, 2008): Gary McGraw kicks off his new monthly column by showing how the added costs of developing secure software can be more than offset by lower TCO down the road.
- The Real Cost of Insecure Software: The Foundation of Civilization (Dec 28, 2007): David Rice discusses the perilous state of software security in this introduction to his book, Geekonomics.
- Game Hacking 101 (Nov 21, 2007): Gary McGraw and Greg Hoglund discuss techniques to prevent piracy and cheating in online games.
- Fuzzing Frameworks (Nov 16, 2007): The authors of Fuzzing explore a number of open source fuzzing frameworks available today, including SPIKE, Autodafé, and GPF.
- Preparing for a FISMA Security Audit (Nov 16, 2007): How do you prepare for an audit, and what do you do when the findings are issued? Randy Nash examines how to survive the audit gauntlet.
- Static Analysis as Part of the Code Review Process (Nov 16, 2007): Learn why static analysis tools should be part of your security code review process.
- Cyber Warfare: Reality or Box Office Hit? (Sep 28, 2007): Randy Nash searches for a working definition of cyber warfare, looks at the historical profile of attacks, and discusses the potential of a devastating electronic Pearl Harbor.
- ID Theft: Before and After (Sep 21, 2007): Learn how to protect yourself from identity theft.
- Is There a Security Problem in Computing? (Dec 29, 2006): This sample chapter examines what kinds of vulnerabilities computing systems are prone to. It then considers why these vulnerabilities are exploited, who is involved, and how to prevent possible attacks on systems.
- Mitigating the Security Risks of SSH (Aug 25, 2006): John Tränkenschuh describes ways to create a solid security plan to lessen the unknown factors of SSH security.
- SSH Issues: Does Installing SSH Enable More Exploits Than it Solves? (May 26, 2006): SSH, the wonder tool of the security set, is misused by your users more easily and more often than you may think. John Traenkenschuh points out how well-intentioned administrators are using SSH to create gaping holes in their own security, and what you can do about it.
- The Role of Architectural Risk Analysis in Software Security (Mar 3, 2006): Design flaws account for 50% of security problems. You can’t find design defects by staring at code—a higher-level understanding is required. That’s why architectural risk analysis plays an essential role in any solid software security program. Find out more about architectural risk analysis in this sample chapter.
- Measuring the Effectiveness of Application Security Policies (Jan 13, 2006): Just because a package has few REPORTED vulnerabilities doesn't mean that it actually HAS few vulnerabilities, nor does the count address the severity of the holes that are reported. In this article, Chisnall argues that the true measure of security is what happens once a vulnerability is found.
- Secure Coding in C and C++: Strings (Dec 1, 2005): Strings—such as command-line arguments, environment variables, and console input—are of special concern in secure programming because they comprise most of the data exchanged between an end user and a software system. This chapter covers the security issues with strings and how you can sidestep them.