Wednesday, January 25, 2012

Software Security Starts with Software Quality

In Software Security: Building Security In, Cigital's Gray McGraw breaks software security problems down into roughly equal halves. One half of security problems are security design flaws: missing authorization or doing encryption wrong — or not using encryption at all when you are supposed to, not handling passwords properly, not auditing the right data, relying on client-side instead of server-side data validation, not managing sessions safely, not taking care of SQL injection properly, and so on. These are problems that require training and experience to understand and solve properly.

The other half are security coding defects — basic mistakes in coding that attackers find ways to exploit. Focusing on preventing, finding and fixing these mistakes is a good place to start a software security program. It's something that developers and testers understand and something that they can take ownership of right away.

Read my latest post at the SANS Appsec Street Fighter blog on how basic software security practices can take you a long way towards building secure software.

1 comment:

cityspideyseo said...

CitySpidey is India's first and definitive platform for hyper local community news, RWA Management Solutions and Account Billing Software for Housing Societies. We also offer air quaity index and residential soceity news of Noida, Dwarka, Indirapuram, Gurgaon and Faridabad. You can place advertisement for your business on city spidey.

Gate Management System
Society Management App
Society Management
rwa Management App
Neighbourhood Management App
Apartment Management App
Apartment Management System
Visitors Management System
Apartment Management Software
Air Quality Index, Air Pollution
Noida News
Gurgaon News
Ghaziabad News
Delhi News
Indirapuram News
Dwarka News

Site Meter