
Encrapted Passwords

Learned a new term today going through 19 Deadly Sins of Software Security. They give an example of a URL containing a strange looking id parameter:
www.xyzzy.com?id=TXkkZWNyZStwQSQkdzByRA==
Turns out a simple run through a base64 decoder gives you:
My$ecre+pA$$w0rD
The authors then refer to this as an “encrapted” password.
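An added example, not code from the book or from this post: a small Python check that flags query parameters whose values are base64 wrapping readable text, which is exactly the pattern behind the "encrapted" password above. The extra parameters in the sample URL and the function names are constructed for the demonstration.

```python
import base64
import binascii
import re
from typing import Dict, Optional
from urllib.parse import unquote, urlsplit

# Standard base64 alphabet with optional '=' padding. The URL-safe variant is
# deliberately left out so the check stays conservative.
_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def decode_if_base64_text(value: str, min_len: int = 8) -> Optional[str]:
    """Return the decoded text when `value` is well-formed base64 that decodes
    to printable ASCII, otherwise None. Short values are ignored because
    ordinary tokens such as 'abcd' are also valid base64."""
    if len(value) < min_len or len(value) % 4 != 0 or not _B64_RE.match(value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error:
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None  # binary payload, not an obfuscated string
    if not text.isprintable():
        return None  # control characters: also binary, not readable text
    return text


def find_encoded_params(url: str) -> Dict[str, str]:
    """Map each query parameter whose value is base64-wrapped printable text
    to its decoded form. An empty dict means nothing suspicious was found."""
    findings: Dict[str, str] = {}
    for pair in urlsplit(url).query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        # unquote() rather than unquote_plus(): '+' is a base64 digit, so it
        # must not be turned into a space before decoding.
        decoded = decode_if_base64_text(unquote(value))
        if decoded is not None:
            findings[name] = decoded
    return findings


# Constructed sample: the URL from the book plus a numeric parameter and a
# parameter that is valid base64 but decodes to raw bytes (four 0xFF).
SAMPLE_URL = "www.xyzzy.com?id=TXkkZWNyZStwQSQkdzByRA==&page=2&blob=/////w=="

if __name__ == "__main__":
    for name, decoded in find_encoded_params(SAMPLE_URL).items():
        print(f"{name}: base64 wraps readable text -> {decoded!r}")
```

Only the `id` parameter is reported; the numeric value is too short to count and the binary one fails the printable-text test.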

Gary McGraw on C and C++

I’m digging into Software Security: Building Security in by Gary McGraw and I came across a strong opinion on C and C++:
If you are concerned about buffer overflow problems and other basic software security bugs, don’t use C. If you must use C, use a source code security scanner. By the way C++ [...]

Agile Security as a Competitive Advantage

During a short conversation with our new Chief Security Officer he explained:
If we can certify that we have a secure software development life-cycle we stand to increase our overall revenue with clients from 10-20%.
Wow, actually utilizing our methodology as a competitive advantage. Typically if I mention methodology to anyone on the business side and [...]