Verify your software for security bugs
Posted on 28 November 2013.
Verification is an important phase of developing secure software that is not always addressed in depth that includes dynamic analysis and fuzzing testing. This step allows checking that security has been built in the implementation phase: secure coding and using compilers mitigation correctly.

This video by Simon Roses Femerling from OWASP AppSec USA will cover the current state of verification technologies that developers can use to check the lack of security mitigations (ASLR, DEP, SafeSEH, Stack Guard, PIE, etc.) and vulnerabilities (Missing Code Signing, Insecure API, DLL planting, poor coding, etc.) and how to implement a battery of tests in their organization to verify their products are safe before releasing as required by an Application Assurance process.

Simon presents BinSecSweeper, a tool that performs security binary analysis. It's open source and cross platform (Windows and Linux) and can scan PE & ELF file formats for x86-64 that can be used by developers to check their software. It includes security mitigations and is compliance with Application Assurance best practices or by IT pros to identify insecure applications in their networks.






Spotlight

How to keep your contactless payments secure

Posted on 19 September 2014.  |  Fraudsters can pickpocket a victimís financial data using low-cost electronics that can fit into a rucksack. Here are the top security threats you should be aware of if youíre using a RF-based card, along with our top safety tips to keep your payments secure.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //