Today, I will be going over Control 18 from version 7 of the CIS top 20 Critical Security Controls – Application Software Security. I will go through the eleven requirements and offer my thoughts on what I’ve found.
Description: Establish secure coding practices appropriate to the programming language and development environment being used.
Notes: The first step in writing secure code is following best practices. OWASP has a great cheat sheet for the secure software development life cycle. Additionally, developers can study for the ISC2 Certified Secure Software Lifecycle Professional (CSSLP) certification.
Description: For in-house developed software, ensure that explicit error checking is performed and documented for all input, including for size, data type, and acceptable ranges or formats.
Notes: Many common attacks against software come in the form of not sanitizing user input or not handling errors correctly. Both of these (Read more...)
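As an added illustration of the "explicit error checking for all input" requirement above (my own example, not code from the original post or from CIS): a small allow-list validator in Python where every field carries a documented type, size, range or format rule, and every failure is reported instead of being silently coerced. The field names, limits and payload cap are assumptions chosen for the demonstration.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Any, Callable

# Constructed example: allow-list validation for an in-house API payload.
# Each field has an explicit, documented rule (type, size, range, format).
# Anything not in the table is rejected rather than passed through.
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")
MAX_PAYLOAD_BYTES = 4096  # assumed size bound for the whole request


@dataclass(frozen=True)
class Rule:
    type_: type                    # exact expected Python type
    check: Callable[[Any], bool]   # range/format predicate
    doc: str                       # human-readable statement of the rule


# The documented validation table for one (hypothetical) request type.
RULES: dict[str, Rule] = {
    "username": Rule(str, lambda v: USERNAME_RE.fullmatch(v) is not None,
                     "str, 3-32 chars, lowercase alnum/underscore, starts with a letter"),
    "age": Rule(int, lambda v: 13 <= v <= 120, "int in [13, 120]"),
    "bio": Rule(str, lambda v: len(v.encode()) <= 500, "str, at most 500 bytes UTF-8"),
}


def validate(payload: dict[str, Any]) -> list[str]:
    """Return every validation error (empty list means the payload is acceptable).
    Order of checks: overall size, unexpected/missing keys, type, then range/format."""
    errors: list[str] = []
    if len(repr(payload).encode()) > MAX_PAYLOAD_BYTES:
        return [f"payload exceeds {MAX_PAYLOAD_BYTES} bytes"]
    for key in sorted(payload.keys() - RULES.keys()):
        errors.append(f"unexpected field: {key}")
    for key, rule in RULES.items():
        if key not in payload:
            errors.append(f"missing field: {key}")
            continue
        value = payload[key]
        # bool is a subclass of int in Python, so compare the exact type,
        # otherwise True would pass as an "age" of 1.
        if type(value) is not rule.type_:
            errors.append(f"{key}: expected {rule.type_.__name__}, got {type(value).__name__}")
            continue
        if not rule.check(value):
            errors.append(f"{key}: must be {rule.doc}")
    return errors
```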
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Travis Smith. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/security-controls/20-critical-security-controls-control-18-application-software-security/