Pierre Gronau at the Safety & Security Forum in Sindelfingen

Lukas Liebhold Cloud Computing, News, Updates, Press, Security, Software Development

Event notice, 12-13 September 2018: Pierre Gronau speaks at the Safety & Security forum in Sindelfingen. “The Twelve Pitfalls of Cloud Usage” is the title of Pierre Gronau's talk. On Wednesday, 12 September, the IT lateral thinker and security pilot speaks from 12:20 to 13:00 in the Stadthalle Sindelfingen about the dangers …

“10 patterns for secure software development” – a starting point

vPierre Cloud Computing, DevOps, DevSecOps, Security, Software Development, WWW

With these 10 patterns you have a great starting point for secure software development:

https://www.gronau-it-cloud-computing.de/pattern-1-prevent-injections-xss-and-csrf-vulnerabilities/
https://www.gronau-it-cloud-computing.de/pattern-2-separation-of-data-processing-and-data-representation/
https://www.gronau-it-cloud-computing.de/pattern-3-always-validate-data-before-you-process-it/
https://www.gronau-it-cloud-computing.de/pattern-4-protect-the-data-between-browser-and-application-from-external-insights/
https://www.gronau-it-cloud-computing.de/pattern-5-keep-an-eye-on-the-users-of-the-application/
https://www.gronau-it-cloud-computing.de/pattern-6-think-about-the-appropriate-logging-of-events/
https://www.gronau-it-cloud-computing.de/pattern-7-secure-your-apis-and-rest-interfaces/
https://www.gronau-it-cloud-computing.de/pattern-8-test-your-methods-before-others-do-it/
https://www.gronau-it-cloud-computing.de/pattern-9-do-not-trust-external-sources-that-you-do-not-control-yourself/
https://www.gronau-it-cloud-computing.de/pattern-10-keep-your-eyes-open-when-choosing-a-partner-third-party-modules/

Pattern 10: Keep Your Eyes Open When Choosing a Partner: Third-Party Modules

vPierre Security, Software Development, WWW

Software components from third parties are frequently used to implement functionality within applications. Program libraries, plug-ins and add-ons from other vendors or open source projects should be tested for their robustness and security, and checked against the applicable licensing regulations.

10.1 What are the threats facing us …

Pattern 9: Do Not Trust External Sources That You Do Not Control Yourself

vPierre Security, Software Development, WWW

Web applications often include content from other sources, especially content providers. The content is mostly referenced in the source code and is dynamically loaded by the user’s web browser. When integrating content from third-party sources, we should classify the trustworthiness of the source and, if necessary, check or filter the …

Pattern 5: Keep an Eye on the Users of the Application

vPierre Security, Software Development, WWW

Security vulnerabilities are often caused by errors in the user and session management of web applications, for example errors in authentication, inadequate checking routines during the password reset process, or incomplete checks of the respective permissions when executing actions within the application (accessing data, making changes, deleting …