Category Archives: Secure Design

My Threat Modeling Talk @ OWASP AppSec USA

OWASP recently posted videos of all talks from the OWASP AppSec USA conference held in Minneapolis in September 2011.
You can find my talk on an approach for “simplifying threat modeling” here. Grab my slides here.
Check it out and let me know what you think. Would love to hear from you and your thoughts on where [...]

Applying Basic Trust Concepts to Software Module Design

As a consultant who reviews code a lot, this statement immediately got me thinking about trust at the code level. Trust issues are fun to think about — not only because there are bookoos of trust-related issues in today’s apps (particularly mashups) but also because they are difficult to mitigate through good defensive design. As a software design enthusiast, I believe we can apply the concept of trust attacks as described above to low-level module design (think the class keyword in Java or the class keyword in C++) by changing one word in the second sentence:

IO Chokepoints: J2EE Filters

This is the first post in a series covering tactics for implementing input and output chokepoints in J2EE. My goal is to describe different techniques in separate posts and then summarize the tradeoffs involved in putting them in place in a final post. In this first post, I’ll show you how to set up a J2EE servlet filter to perform HTML escaping on multiple servlet-related input sources.

Mixing GET and POST request data

Are designs that mix GET and POST requests inherently flawed?

It’s common for J2EE developers to create designs that pass both GET and POST requests through a centralized processing pipe, as in the controller method below: [...]