Software Security (4)

Children categories

software security assessment (3)

Software security assessment, or code auditing, is an effective form of vulnerability analysis when the source code is available. Briefly, code auditing is the inspection of a program's inputs and the paths they take through the code, looking for vulnerabilities. Code auditing may seem overwhelming at first glance, but there is a methodology that helps you organize your steps. Although source code analyzer tools automate part of this job, in my experience they cannot fully replace a human code auditor, especially for identifying design or architecture vulnerabilities. In this category I am going to discuss the areas where a code auditor should look for vulnerabilities and introduce the processes and steps required for code auditing. The methods and process introduced in this category are mainly adopted from those in the book "The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities".

For software security assessment you need to be familiar with the methodology, the tools, and the code auditing strategies.


Latest Articles

Vulnerability analysis

Friday, 17 April 2015
Vulnerability analysis of source code is a daunting task, especially if it is your first time! There are thousands of questions in your mind: Where should I begin my vulnerability analysis? What should I look for? Should I go deep and jump from one function to the…

Notes about password salts

Monday, 13 April 2015
Many developers, when they first run into "salt", ask what it is used for, and unfortunately many are not convinced to use it because they do not understand what salts actually do. In one sentence, salts defend against one special type of dictionary attack by…

threat modeling

Monday, 13 April 2015
Where should you look for vulnerabilities? The main focus of threat modeling is the inputs and the data flow in the system. A code auditor should identify all the inputs and the paths originating from them. Sometimes a vulnerable method cannot be reached by the normal path the developer assumed, but…

Popular Articles

integer overflow c | buffer overflow in c | buffer…