Below you'll find a list of all posts that have been categorized as “Software Development”
Nachdem ich Ihre Aufmerksamkeit gewonnen habe, eine kurze Klarstellung. Sofern Ihnen jemand erzählt, dass Sie Blockchain, Künstliche Intelligenz oder die neueste Technologie in der Cyber-Sicherheit brauchen, brauchen Sie womöglich tendenziell einen neuen Berater / Mitarbeiter, etc. Wenn er auf der Basis von Fakten und Daten erklärt, warum die Technologie geeigneter …
IT-Security-Experte präsentiert auf der IT-Sicherheitsmesse vom 09.-11. Oktober erstmalig seine eigenentwickelte IT-Security-Suite. Modular aufgebaute Software bietet umfängliche Optionen für multifaktorielles Testing und Schwachstellen-Analysen.
Veranstaltungshinweis 12.-13. September 2018 Pierre Gronau spricht auf dem Forum Safety & Security in Sindelfingen. „Die zwölf Tücken der Cloud-Nutzung“ –so lautet der Titel des Vortrags von Pierre Gronau. Am Mittwoch, den 12. September spricht der IT-Querdenker und Sicherheitslotse von 12.20 bis 13.00 in der Stadthalle Sindelfingen über die Gefahren …
With these 10 pattern you have a great starting point for secure software development: https://www.gronau-it-cloud-computing.de/pattern-1-prevent-injections-xss-and-csrf-vulnerabilities/ https://www.gronau-it-cloud-computing.de/pattern-2-separation-of-data-processing-and-data-representation/ https://www.gronau-it-cloud-computing.de/pattern-3-always-validate-data-before-you-process-it/ https://www.gronau-it-cloud-computing.de/pattern-4-protect-the-data-between-browser-and-application-from-external-insights/ https://www.gronau-it-cloud-computing.de/pattern-5-keep-an-eye-on-the-users-of-the-application/ https://www.gronau-it-cloud-computing.de/pattern-6-think-about-the-appropriate-logging-of-events/ https://www.gronau-it-cloud-computing.de/pattern-7-secure-your-apis-and-rest-interfaces/ https://www.gronau-it-cloud-computing.de/pattern-8-test-your-methods-before-others-do-it/ https://www.gronau-it-cloud-computing.de/pattern-9-do-not-trust-external-sources-that-you-do-not-control-yourself/ https://www.gronau-it-cloud-computing.de/pattern-10-keep-your-eyes-open-when-choosing-a-partner-third-party-modules/
Frequently, software components by third parties are used to implement functionalities within applications. When using program libraries, plug-ins and add-ons from other vendors or open source projects, they should be tested for their robustness and security, as well as the applicable licensing regulations. 10.1 What are the threats facing us …
Web applications often include content from other sources, especially content providers. The content is mostly referenced in the source code and is dynamically loaded by the user’s web browser. When integrating content from third-party sources, we should classify the trustworthiness of the source and, if necessary, check or filter the …
Even during development, functions and interfaces should be checked for their correct functionality and their behavior with faulty parameters and input values. An established methodology for this test of modules are the so-called unit tests. In the testing unit, a test routine is created for each function or method, which …
Often web applications also offer APIs as well as parts of their functionality via so-called REST interfaces. We should implement and secure these interfaces just as robustly as we do for the rest of the application. This includes filtering and validating inputs and outputs as well as the secure and …
In the regular operation of our applications, a large number of events are triggered and actions are carried out by our users. If errors occur in the application or if a security-relevant incident (for example, hacker attack) has taken place, it is essential for a successful post-mortem analysis to be …
Security vulnerabilities are often caused by errors in the user and session management of web applications. For example, due to errors in authentication, inadequate checking routines during the password reset process, or by incomplete checks of the respective permissions when executing actions within the application (accessing data, making changes, deleting …
