#17 Robert Hurlbut, Software security

Summary
Robert Hurlbut and I discuss various aspects of software security

Details
Background, why security isn’t thought about enough, out of the box security with MVC, XSS, CSRF, model binding and parameter tampering; https everything or just on parts of a site; Microsoft improving security, open source issues, inclusion of open source in hardware security devices; unmanaged code in web apps; typical weaknesses in software, password security; software review process, threat models, code reviews, fuzz testing; healthcare security, medical devices, attack vectors, Barnaby Jack, how to build secure devices; finding good security professionals, conferences and tradeshows; books; dont roll your own security; Robert’s presentation at Boston Code Camp.

Book Recommendations
Iron-Clad Java: Building Secure Web Applications

Writing Secure Code (2nd Edition) (Developer Best Practices)

Software Security: Building Security In

Leave a Reply

Your email address will not be published. Required fields are marked *

20 + = twenty eight