good code, secure software

good code, secure software http://mikeware.us/goodcode It's time to start being less reactive and more proactive Sat, 17 Dec 2011 16:07:02 +0000 http://wordpress.org/?v=2.6.3 en My Threat Modeling Talk @ OWASP AppSec USA http://mikeware.us/goodcode/?p=270 http://mikeware.us/goodcode/?p=270#comments Sat, 17 Dec 2011 16:07:02 +0000 mikeware http://mikeware.us/goodcode/?p=270 http://mikeware.us/goodcode/?feed=rss2&p=270 GC Labs: Securing URL Redirects http://mikeware.us/goodcode/?p=260 http://mikeware.us/goodcode/?p=260#comments Mon, 04 Oct 2010 00:46:09 +0000 mikeware http://mikeware.us/goodcode/?p=260 OWASP Top Ten 10 List. Sites that are vulnerable often expose a servlet or server-side script that constructs the URL being transferred to using data that is received from the client (i.e., something that can be controlled by an attacker). A lot of sites simply accept a URL as input to the redirection script, and that's what gets them into trouble.]]> http://mikeware.us/goodcode/?feed=rss2&p=260 GC Labs: Mitigating XML Entity Expansion Attacks with Xerces http://mikeware.us/goodcode/?p=234 http://mikeware.us/goodcode/?p=234#comments Sat, 20 Mar 2010 15:57:37 +0000 mikeware http://mikeware.us/goodcode/?p=234 http://mikeware.us/goodcode/?feed=rss2&p=234 Are your regular expressions anchored? http://mikeware.us/goodcode/?p=216 http://mikeware.us/goodcode/?p=216#comments Fri, 26 Feb 2010 14:49:39 +0000 mikeware http://mikeware.us/goodcode/?p=216 http://mikeware.us/goodcode/?feed=rss2&p=216 BSIMM: A Descriptive Model of Software Security http://mikeware.us/goodcode/?p=211 http://mikeware.us/goodcode/?p=211#comments Thu, 28 Jan 2010 15:29:53 +0000 mikeware http://mikeware.us/goodcode/?p=211 http://mikeware.us/goodcode/?feed=rss2&p=211 Teaching Fortify SCA About Confidential Data http://mikeware.us/goodcode/?p=204 http://mikeware.us/goodcode/?p=204#comments Wed, 25 Nov 2009 02:52:25 +0000 mikeware http://mikeware.us/goodcode/?p=204 tips for gaining assurance that Fortify SCA is "seeing" code (specifically private or confidential data) the way you think it should be.]]> http://mikeware.us/goodcode/?feed=rss2&p=204 OWASP XSS cheat sheet http://mikeware.us/goodcode/?p=194 http://mikeware.us/goodcode/?p=194#comments Fri, 03 Apr 2009 01:28:45 +0000 mikeware http://mikeware.us/goodcode/?p=194 XSS cheat sheet.]]> http://mikeware.us/goodcode/?feed=rss2&p=194 Applying Basic Trust Concepts to Software Module Design http://mikeware.us/goodcode/?p=158 http://mikeware.us/goodcode/?p=158#comments Fri, 20 Mar 2009 19:07:06 +0000 mikeware http://mikeware.us/goodcode/?p=158 Class keyword in Java or class keyword is C++) by changing one word in the second sentence:]]> http://mikeware.us/goodcode/?feed=rss2&p=158 Building Security In Maturity Model (BSIMM) http://mikeware.us/goodcode/?p=140 http://mikeware.us/goodcode/?p=140#comments Wed, 11 Mar 2009 04:24:32 +0000 mikeware http://mikeware.us/goodcode/?p=140 Building Security In Maturity Model (BSIMM) recently went public.]]> http://mikeware.us/goodcode/?feed=rss2&p=140 IO Chokepoints: J2EE Filters http://mikeware.us/goodcode/?p=115 http://mikeware.us/goodcode/?p=115#comments Wed, 14 Jan 2009 06:13:51 +0000 mikeware http://mikeware.us/goodcode/?p=115 http://mikeware.us/goodcode/?feed=rss2&p=115