LOCK IT UP

... Keys to Better Security

by Neil Rerup
October 31, 2006

Implementation of the SDL in Industry: Symantec


I ran across an interesting news release from Symantec the other day. Symantec had a Market Research company do some research into Application Security and how organizations were implementing Application Security into their development processes. The results were interesting, though not very surprising.

Posted at 11:54 AM


October 27, 2006

Code Signing vs Code Hashing


Once you’ve made sure that your application has been written in a secure manner, you have one last step to take. You need to ensure that the Application located in the Production environment is the one you have approved. In other words, you need a mechanism to ensure that Applications aren’t changed without going through a proper Change Management process. That mechanism is Code Signing.

Posted at 04:51 PM


October 24, 2006

Security Testing: The Last Stage of the SDL


When most people think about Application Security, they don’t think about a Security Development Lifecycle. What they think about is testing Applications after they’ve been written to see if they’ve been written securely. Nice idea, but if you’ve been keeping up with this blog, you understand the need for the full SDL. That said, it’s now time to actually talk about Application Security Testing.

Posted at 03:40 AM


October 09, 2006

Checklists - Standardizing Architecture Reviews


Once an Architecture is done, it’s time to review it to make sure it covers all aspects of the Threats and Risks that the Application needs to deal with. But how thoroughly the Architecture gets reviewed depends on the person doing the reviewing. How well I review the Architecture is different from how well a novice would review it. And that’s where Checklists come in.

Posted at 11:59 AM


September 26, 2006

Review: Microsoft's Threat Modeling Tool


In my previous Blog, I went over the importance of doing Threat Modeling prior to putting together your Architecture in order to understand the threats and risks that you need to deal with. But this is primarily a manual process. One of the tools that I’ve run across is Microsoft’s Threat Modeling tool, which can assist in the development of your Threat Model. Plus it has the added benefit of being free. That said, remember that you get what you pay for.

Posted at 11:39 AM


September 19, 2006

Threat Modeling: The First Step in Architecting


Before you start to develop your Architecture, you need to take a close look at the Threats that will put your Application at Risk. To do that, you need to start the process of Threat Modeling.

Posted at 03:58 AM


September 08, 2006

Business Requirements: The SDL driver.


Typically, when you start putting together an Architecture, you start off by gathering the business requirements that are driving the project. In the case of Application Security, this isn’t any different.

Posted at 08:16 AM


September 01, 2006

How to Protect Your Intellectual Property? DRM!


I was going to expand on my last blog about the SDL but I've had all sorts of questions this week from numerous different sources that asked the same question: How do you protect your Application Intellectual Property? My answer: DRM

Posted at 01:07 AM


August 28, 2006

The Importance of SDL


One of the first things that I came to understand is that looking at Application Security requires looking at the entire Software Engineering process rather than just one area, such as the Testing and Review phase. As a result, my advice to you is to develop a full Secure Development Lifecycle (SDL).

Posted at 12:43 AM


August 23, 2006

Introduction to Lock It Up


When I started thinking about writing this Blog, I asked myself what type of information could I provide to everyone that would be interesting? Could I provide Web Services Security information? Could I write about the correct way to code a function? Could I go into specific technologies around Application Security like XML Firewalls and Federation?

Posted at 06:28 PM

