Secure Coding Guidelines
NIST Sets SSE Framework in Final SP 800-160 Guidance
The National Institute of Standards and Technology (NIST) published a final version of updated standards for systems security engineering (SSE) with significant content and design changes, including a renewed emphasis on the ...
LifeLock lesson—Third party security is your security
On July 25, on his blog Krebs on Security, Brian Krebs covered a flaw in how LifeLock processed “unsubscribe” information related to its marketing activities. For those unfamiliar with LifeLock, it is ...
Remediating XSS: Does a single fix work?
A very common type of injection defect is cross-site scripting (also known as XSS or HTML injection). Many developers struggle with remediation of XSS because of a misunderstanding of the difference between ...