Think like a hacker



Jeff Feinman
February 15, 2009 —  (Page 4 of 6)
Vi Labs' DeMarines agreed that security needs to be kept in mind throughout the development process. While thinking ahead to the next release as an application is still under construction, a tester has the chance, during the design phase, to work out how to make it more resistant to tampering or piracy. Testers can use the same tools hackers might use to analyze or reverse-engineer an application, which gives them a better sense of how sturdy it is.

“You don’t want to be starting to think about testing security as you’re coming into a release candidate,” DeMarines said. “You want to be looking at this fairly upfront when most of the functionality has been implemented in a way that you can test it, and then figure out how to make it resistant to the kinds of threats the enterprise is worried about.”

While there are many products on the market that allow software providers to scan source code for vulnerabilities, and it is important to do so, the key is acquiring the mentality to understand what the threat is and putting that feedback into the design, DeMarines added.

West said that mentality is pretty well ingrained in most developers today, and the enterprise software industry has realized that security needs to be a part of the full process. “There’s still a wide range of maturity levels in terms of how close companies are getting to obtaining that utopia of software being built in at every step, but for the most part, companies are doing whatever they’re able to now in order to make that a reality,” he said.

Positive vs. negative
When attempting to implement security throughout the development process, defining the proper security requirements is not always easy, because they might be seen as redundant or be difficult for other professionals on a project to comprehend. Some security requirements do come in the same form as traditional software requirements, specifying positive security features, such as a particular encryption algorithm the software should use, or making sure user accounts are disabled after three unsuccessful login attempts.
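One way a positive requirement like the lockout rule above becomes something a tester can check, as an added example that is not from the article or from any company it quotes (the in-memory account store, the sample credentials and the three-attempt threshold are constructed for illustration):

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 3  # the requirement under test: disable after three failures


class AccountStore:
    """Minimal in-memory credential store (constructed for this example)."""

    def __init__(self):
        self._accounts = {}

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._accounts[username] = {"salt": salt, "hash": self._hash(salt, password),
                                    "failed": 0, "disabled": False}

    def is_disabled(self, username):
        return self._accounts[username]["disabled"]

    def login(self, username, password):
        """Return 'ok', 'denied' or 'disabled'."""
        acct = self._accounts.get(username)
        if acct is None:
            return "denied"  # unknown user gets the same answer as a wrong password
        if acct["disabled"]:
            return "disabled"  # stays disabled even when the right password is supplied
        if hmac.compare_digest(acct["hash"], self._hash(acct["salt"], password)):
            acct["failed"] = 0  # a successful login resets the failure counter
            return "ok"
        acct["failed"] += 1
        if acct["failed"] >= MAX_FAILED_ATTEMPTS:
            acct["disabled"] = True
            return "disabled"
        return "denied"


def check_lockout_requirement():
    """Tester's check that the positive requirement holds; True when it does."""
    store = AccountStore()
    store.add_user("alice", "correct horse")  # constructed sample credentials
    # Two failures followed by a success must NOT disable the account.
    first = [store.login("alice", "x"), store.login("alice", "y"),
             store.login("alice", "correct horse")]
    if first != ["denied", "denied", "ok"]:
        return False
    # Three consecutive failures must disable it, after which even the
    # correct password is refused.
    third = [store.login("alice", "bad") for _ in range(3)]
    return (third == ["denied", "denied", "disabled"]
            and store.login("alice", "correct horse") == "disabled"
            and store.is_disabled("alice"))
```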

Comments


06/23/2009 10:30:01 AM EST

On a related note and for similar content, see our book "The Art of Software Security Testing" published in 2006 (http://www.amazon.com/Art-Software-Security-Testing-Identifying/dp/0321304861/ref=ntt_at_ep_dpt_2), for example chapter 1, p. 11, "Think like an Attacker", and chapter 3, "The Secure Software Development Lifecycle".

Elfriede Dustin, United States
