
Encrapted Passwords

Learned a new term today going through 19 Deadly Sins of Software Security. They give an example of a URL containing a strange looking id parameter:

www.xyzzy.com?id=TXkkZWNyZStwQSQkdzByRA==

Turns out a simple run through a base64 decoder gives you:

My$ecre+pA$$w0rD

The authors then refer to this as an “encrapted” password.
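To make the point concrete, here is an added example (my own code, not from the book or the post) that scans a URL's query parameters and flags any value that is merely base64-encoded printable text, exactly the kind of "encrapted" credential above. The function names decode_if_base64 and find_encrapted_params are my own.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, unquote

# Anything that looks like standard base64: alphabet chars plus up to two '=' pad chars.
_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def decode_if_base64(value: str):
    """Return the decoded text if `value` is base64 of printable ASCII, else None.

    Short values are skipped to cut down on false positives such as plain words,
    and binary payloads (real ciphertext, random tokens) fail the ASCII check.
    """
    if len(value) < 8 or len(value) % 4 != 0 or not _B64_RE.match(value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def find_encrapted_params(url: str) -> dict:
    """Map each query parameter whose value is just base64-encoded text to its decoded form."""
    query = urlsplit(url).query
    findings = {}
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        # unquote() rather than parse_qsl(): a literal '+' must stay a base64
        # character, not be turned into a space (a %2B still decodes to '+').
        decoded = decode_if_base64(unquote(value))
        if decoded is not None:
            findings[unquote(name)] = decoded
    return findings


if __name__ == "__main__":
    # The URL quoted from the book, reproduced here as the sample input.
    print(find_encrapted_params("www.xyzzy.com?id=TXkkZWNyZStwQSQkdzByRA=="))
```

The same check can be run over web-server access logs to spot credentials that a developer "protected" with base64 alone.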

Gary McGraw on C and C++

I’m digging into Software Security: Building Security In by Gary McGraw and I came across a strong opinion on C and C++: If you are concerned about buffer overflow problems and other basic software security bugs, don’t use C. If you must use C, use a source code security scanner. By the way C++ is [...]

Agile Security as a Competitive Advantage

During a short conversation with our new Chief Security Officer he explained: If we can certify that we have a secure software development life-cycle we stand to increase our overall revenue with clients from 10-20%. Wow, actually utilizing our methodology as a competitive advantage. Typically if I mention methodology to anyone on the business side [...]