Abuse Cases
Gary McGraw describes several best practices for building secure software. One is the use of so-called abuse cases. Since his chapter on abuse cases left me hungry for more information, this post...
View ArticleBook Review: The Security Development Lifecycle (SDL)
In The Security Development Lifecycle (SDL), A Process for Developing Demonstrably More Secure Software, authors Michael Howard and Steven Lipner explain how to build secure software through a...
View ArticleSecuring Mobile Java Code
Mobile Code is code sourced from remote, possibly untrusted systems, that are executed on your local system. Mobile code is an optional constraint in the REST architectural style. This post...
View ArticleSigning Java Code
In a previous post, we discussed how to secure mobile code. One of the measures mentioned was signing code. This post explores how that works for Java programs. Digital Signatures The basis for digital...
View ArticleBuilding Both Security and Quality In
One of the important things in a Security Development Lifecycle (SDL) is to feed back information about vulnerabilities to developers. This post relates that practice to the Agile practice of No Bugs....
View ArticleBook review: Secure Programming with Static Analysis
One thing that should be part of every Security Development Lifecycle (SDL) is static code analysis. This topic is explained in great detail in Secure Programming with Static Analyis. Chapter 1, The...
View ArticleThe Lazy Developer’s Way to an Up-To-Date Libraries List
Last time I shared some tips on how to use libraries well. I now want to delve deeper into one of those: Know What Libraries You Use. Last week I set out to create such a list of embedded components...
View ArticleHow To Start With Software Security
The software security field sometimes feels a bit negative. The focus is on things that went wrong and people are constantly told what not to do. Build Security In One often heard piece of advice is...
View Article