OWASP Haiti Relief Effort

OWASP has created an “OWASP for Charities” project. They set up a secure and trusted way for those within the OWASP community to donate funds to help the people of Haiti. The following is the e-mail announcing the effort that was posted to the OWASP mailing list: OWASP Members and Supporters, OWASP was founded, and is supported [...]

01/22/10 4:33 am

Seven Domains Of The CSSLP

Here are descriptions for the seven domains of the CSSLP for my presentation at ISSA-NOVA on January 21, 2010: Secure Software Concepts – the fundamental knowledge for understanding the security implications of software development, and the mechanisms to impose security constraints on the behavior, use, and content of a software system. This includes security design and [...]

01/18/10 9:34 am

Tools Are No Silver Bullet

People sometimes ask me how effective and where to apply a software security tool so I thought I would publish a few ideas on the subject. First, there are so silver bullet solutions for application security; tools play a role, but most tools have a greater impact if used earlier in the software development lifecycle. [...]

12/09/09 2:53 pm

Welcome To the Code Auditor’s Corner Blog

The Code Auditor’s Corner is a place to discuss the security issues that I typically encounter while auditing software applications. I also want to share my philosophy on how security should be approached in software development, and many other topics including: the attacker’s perspective auditing source code tools and techniques to facilitate secure programming software security education and training the [...]

09/30/09 9:20 am