IT-Security-Experte präsentiert auf der IT-Sicherheitsmesse vom 09.-11. Oktober erstmalig seine eigenentwickelte IT-Security-Suite. Modular aufgebaute Software bietet umfängliche Optionen für multifaktorielles Testing und Schwachstellen-Analysen.
Pierre Gronau auf dem Safety & Security-Forum in Sindelfingen
Veranstaltungshinweis 12.-13. September 2018 Pierre Gronau spricht auf dem Forum Safety & Security in Sindelfingen. „Die zwölf Tücken der Cloud-Nutzung“ –so lautet der Titel des Vortrags von Pierre Gronau. Am Mittwoch, den 12. September spricht der IT-Querdenker und Sicherheitslotse von 12.20 bis 13.00 in der Stadthalle Sindelfingen über die Gefahren …
"10 pattern for secure software development” – a starting point
With these 10 pattern you have a great starting point for secure software development: https://www.gronau-it-cloud-computing.de/pattern-1-prevent-injections-xss-and-csrf-vulnerabilities/ https://www.gronau-it-cloud-computing.de/pattern-2-separation-of-data-processing-and-data-representation/ https://www.gronau-it-cloud-computing.de/pattern-3-always-validate-data-before-you-process-it/ https://www.gronau-it-cloud-computing.de/pattern-4-protect-the-data-between-browser-and-application-from-external-insights/ https://www.gronau-it-cloud-computing.de/pattern-5-keep-an-eye-on-the-users-of-the-application/ https://www.gronau-it-cloud-computing.de/pattern-6-think-about-the-appropriate-logging-of-events/ https://www.gronau-it-cloud-computing.de/pattern-7-secure-your-apis-and-rest-interfaces/ https://www.gronau-it-cloud-computing.de/pattern-8-test-your-methods-before-others-do-it/ https://www.gronau-it-cloud-computing.de/pattern-9-do-not-trust-external-sources-that-you-do-not-control-yourself/ https://www.gronau-it-cloud-computing.de/pattern-10-keep-your-eyes-open-when-choosing-a-partner-third-party-modules/
Pattern 10: Keep Your Eyes Open When Choosing a Partner: Third-Party Modules
Frequently, software components by third parties are used to implement functionalities within applications. When using program libraries, plug-ins and add-ons from other vendors or open source projects, they should be tested for their robustness and security, as well as the applicable licensing regulations. 10.1 What are the threats facing us …
Pattern 9: Do Not Trust External Sources That You Do Not Control Yourself
Web applications often include content from other sources, especially content providers. The content is mostly referenced in the source code and is dynamically loaded by the user’s web browser. When integrating content from third-party sources, we should classify the trustworthiness of the source and, if necessary, check or filter the …
Pattern 8: Test Your Methods before Others Do It
Even during development, functions and interfaces should be checked for their correct functionality and their behavior with faulty parameters and input values. An established methodology for this test of modules are the so-called unit tests. In the testing unit, a test routine is created for each function or method, which …
Pattern 7: Secure Your APIs and REST Interfaces
Often web applications also offer APIs as well as parts of their functionality via so-called REST interfaces. We should implement and secure these interfaces just as robustly as we do for the rest of the application. This includes filtering and validating inputs and outputs as well as the secure and …
Pattern 6: Think about the Appropriate Logging of Events
In the regular operation of our applications, a large number of events are triggered and actions are carried out by our users. If errors occur in the application or if a security-relevant incident (for example, hacker attack) has taken place, it is essential for a successful post-mortem analysis to be …
Pattern 5: Keep an Eye on the Users of the Application
Security vulnerabilities are often caused by errors in the user and session management of web applications. For example, due to errors in authentication, inadequate checking routines during the password reset process, or by incomplete checks of the respective permissions when executing actions within the application (accessing data, making changes, deleting …
Pattern 4: Protect the Data between Browser and Application from External Insights
Data exchanged between our servers and the web browsers of our users when using our applications should be protected from external insights. The secure transfer of data between the client and the server (e.g., by means of an HTTPS protected connection) is also important in the context of the increasing …
- Page 1 of 2
- 1
- 2