Documents in Security Testing
[Members-only] Article Don't Leave Security for Last
At the peak of the dot-com boom, my firm consulted extensively for large organizations concerned about the risks of Internet-based applications. My experience with one client in particular—we’ll call it Company X to protect its identity—remains the most palpable argument for integrating security throughout the software lifecycle.
[Members-only] Article The Power of 10
In life-critical software, undiscovered bugs can be fatal. These simple rules can improve the quality and reliability of any application.
[Members-only] Article The Art and Science of Security Testing
Accomplished computer security and intelligence analyst Eugene Spafford once famously said that “Finding vulnerabilities is simple; discover the assumptions a developer made, and then violate those assumptions.”
[Members-only] Article Fighting Fire with Fuzzing
Fuzz testing turns the tables on those who would do harm. Learn about this negative testing technique that takes penetration to a whole new level.
[Members-only] Article Is It Safe To Code?
Make CERT C your native tongue and build secure applications from the start. Developed by Carnegie Mellon University, the specification translates ordinary C-language code into safe and reliable.
[Members-only] Article Sniff out Vulnerabilities
Like a pack of wild dogs, hackers are always poking around. Build a cage around your app with dynamic taint propagation.
