swreflections.blogspot.com
Building Real Software: Not doing Code Reviews? What’s your excuse?
http://swreflections.blogspot.com/2011/05/not-doing-code-reviews-whats-your.html
Developing and Maintaining Secure and Reliable Software in the Real World. Tuesday, May 17, 2011. Not doing Code Reviews? What’s your excuse? All of us have known for a long time that code reviews find defects, and that reviews are cheaper and can be more effective than most kinds of testing. In Code Complete. Recent research into code review practices and advances in tools make reviews more effective and less expensive, and can change the way that we think of code reviews and the way that we do them.
lymans.net
Training Archives - Lymans.Net
http://www.lymans.net/category/security/training
Home of the Lyman Family. Developer Training: Recognizing the Problems and Closing the Gaps – CrossTalk Article Published. My article Developer Training: Recognizing the Problems and Closing the Gaps has been published in the March/April edition of CrossTalk. March 17, 2016. March 29, 2016. Leave a comment on Developer Training: Recognizing the Problems and Closing the Gaps – CrossTalk Article Published. Secure Development Training – Learning from Failure. June 6, 2015. August 29, 2014. July 18, 2014.
blog.c22.cc
PGP Public Key | Cатсн²² (in)sесuяitу / ChrisJohnRiley
https://blog.c22.cc/pgp-public-key
Shared Items (Google Reader archive). Apache Log Extractor [Alpha]. [PoC] scr.im.tessercap (CAPTCHA OCR). Typo3 Default Encryption Keys. CVE-2013-5113/5114 – LastPass Android container PIN and auto-wipe security feature bypass. CVE-2013-2503 – Privoxy Proxy Authentication Credential Exposure. TYPO3-EXT-SA-2012-003 – t3extplorer. TYPO3-SA-2010-009 – sr feuser register. TYPO3-SA-2009-001 – Insecure Randomness. TYPO3-SA-2009-016 – Install Tool. TYPO3-SA-2009-016 – felogin. Cатсн (in)sесuяitу / ChrisJohnRiley.
blog.c22.cc
CVE-2013-2503 – Privoxy Proxy Authentication Credential Exposure | Cатсн²² (in)sесuяitу / ChrisJohnRiley
https://blog.c22.cc/advisories/cve-2013-2503-privoxy-proxy-authentication-credential-exposure
Shared Items (Google Reader archive). Apache Log Extractor [Alpha]. [PoC] scr.im.tessercap (CAPTCHA OCR). Typo3 Default Encryption Keys. CVE-2013-5113/5114 – LastPass Android container PIN and auto-wipe security feature bypass. CVE-2013-2503 – Privoxy Proxy Authentication Credential Exposure. TYPO3-EXT-SA-2012-003 – t3extplorer. TYPO3-SA-2010-009 – sr feuser register. TYPO3-SA-2009-001 – Insecure Randomness. TYPO3-SA-2009-016 – Install Tool. TYPO3-SA-2009-016 – felogin. Cатсн (in)sесuяitу / ChrisJohnRiley.
jackwillk.blogspot.com
Jackwillk Security
http://jackwillk.blogspot.com/2010/11/this-week-dave-rook-aka-security-ninja.html
Saturday, November 20, 2010. This week Dave Rook (AKA Security Ninja. A new security review tool; Agnitio. In the interest of full disclosure for this review, Dave is a friend and mentor through the Infosec Mentors. Agnitio presents a 66 question checklist covering the nine principles of secure development. With so much application security information typically focused on vulnerabilities, it's refreshing to see clearly broken down security action items for developers. You can answer a review que...Agnit...
jackwillk.blogspot.com
Jackwillk Security: November 2010
http://jackwillk.blogspot.com/2010_11_01_archive.html
Saturday, November 20, 2010. This week Dave Rook (AKA Security Ninja. A new security review tool; Agnitio. In the interest of full disclosure for this review, Dave is a friend and mentor through the Infosec Mentors. Agnitio presents a 66 question checklist covering the nine principles of secure development. With so much application security information typically focused on vulnerabilities, it's refreshing to see clearly broken down security action items for developers. You can answer a review que...Agnit...
appsandsecurity.blogspot.com
Apps and Security: Rugged Summit Summary
http://appsandsecurity.blogspot.com/2012/03/rugged-summit-summary.html
Application security is mostly about applications. Then comes security. Mar 23, 2012. I spent the last week in Washington DC as an invited expert to the Rugged Summit, part of the Rugged Software initiative. The very minute I announced I'd be participating I got several messages on Twitter saying Rugged is a failure and I shouldn't go. Those messages were sent from people I like and trust. Sure, I was reluctant to a manifesto written to. Of course I should! John Pavone, Gene Kim. Rugged Software In Short.