Category Archives: Secure Programming
What’s Wrong With Secure Software Development?
Despite a wealth of security knowledge and developers’ access to advanced tools, many software security risks remain. Analysts say that vulnerabilities arise because many software developers do not understand how to build security into their code… Continue reading
Posted in Secure Programming
Tagged BSIMM, Fortify, SDL, Secure software, Security Development Lifecycle
1 Comment
WordPress 2.5
WordPress 2.5 has been released. From a security perspective, the new WordPress release 2.5 promises many improvements: secure cookie management, salted passwords, a password strength meter, prepared SQL querying functions, etc. It also supports an Automatic Upgrade feature and WordPress Automatic … Continue reading
Posted in General, Secure Programming
Tagged Automatic upgrade, Improved security, WordPress 2.5
Security Developer Center: Threat Modeling
Microsoft Application Threat Modeling is a critical security activity, enabling effective application risk management during the SDLC and beyond. Application Threat Modeling is enforced as part of the Security Development Lifecycle for IT (SDL-IT) at Microsoft. Boeing develops their line … Continue reading
SDL Crypto Code Review Macro
Michael Howard talks about SDL Crypto Code Review on his blog. He says: When I review code for security bugs I basically do the following: 1) Run static analysis tools and compile with /W4 to see which source code files … Continue reading
MSDN Webcast: Cryptography API: Next Generation Overview
I attended this Web cast. It is announced in this way: Event Overview Cryptography API: Next Generation (CNG) is the new Microsoft cryptography infrastructure built into the Windows Vista operating system and Windows Server code name “Longhorn.” Designed with extensibility … Continue reading
Posted in Secure Programming
Has Globalization Made Software Development a US National Security Issue?
Software development has been transformed into an issue of national security as a result of IT globalization, according to a warning from former U.S. cybersecurity czar Andy Purdy. “Companies are looking for the least expensive source of production, but there … Continue reading
Posted in Secure Programming
WordPress Redoable Theme “s” Cross-Site Scripting
Recently, this blog experienced attacks, or better to say XSS bug testing, which, fortunately, was unsuccessful. Yesterday John Martinelli discovered a vulnerability in the Redoable theme for WordPress (I don’t use this theme – lucky again), which can be … Continue reading
Posted in Secure Programming, Security
Attacks on my Blog
Over the last weekend this blog experienced a number of attacks. I suspect [or know :)] that the majority of these attacks were performed by my students, to whom I teach Computer Networks Security lectures. It is possible that some other people tried … Continue reading
Posted in Secure Programming, Security
7 Comments
Sell and Buy Information about Code Flaws
A couple of companies and occasions where companies or individuals sell information about code flaws to vendors, or companies buy it from hackers. So do criminals… Read article here.
Posted in Secure Programming, Security
Security Code Reviews
Recently I reread an interesting article in IEEE Security & Privacy magazine by Michael Howard, “A Process for Performing Security Code Reviews,” IEEE Security & Privacy, vol. 4, no. 4, July/August 2006, pp. 74-79. That very good article starts with: No one … Continue reading


