Testing and Telephony

• Wednesday, July 23, 2008 - Software Security is changing

A while ago I went to a security testing presentation, sponsored by the local (Greater Boston) ASQ chapter.  I've been to several such over the past few years (starting around 2002, I think), and they all muddle together in my mind as "you really ought to do security testing for your software, here are some cool and frightening demos of what will happen if you don't".  Well, the more recent ones include some suggestions for how you might go about it.  (Plus the implication of "if you want it done right, hire my company, or at least buy my book" :)

This presentation was different.  The presenter talked about projects to gather data on security flaws - weaknesses in architecture, design, and implementation, and software attacks and attack patterns, and working on vulnerability theory, and protection schemes.

See http://makingsecuritymeasurable.mitre.org/ - there's a *lot* of stuff there.

Software security is growing up.  When I first became aware that there was such a thing as security testing, it was pretty clearly something I did not know how to do - it needed a special mindset, and my mind just doesn't twist that way.  But now, the people whose minds do twist that way seem to be starting to make sense of it, and write about it, in ways that will let people like me do useful security testing if/when I need to.  Cool.

And there are tools - here's a list from April 2007, that should still be mostly useful:
http://www.networksecurityjournal.com/features/open-source-security-tools-applications-resources-041007/

Looks like fun ...
