secure coding – Page 4 – WindowsTechs.com

Are there security vulnerabilities with apps/webpages/software while running and unloading from encrypted databases to memory for use?

Posted on March 27, 2021 by RobbB

Looking for an "in" into learning a bit more about security of software, apps and web pages from a standpoint of security while in operation. I don’t really know any terminology or situational vocabulary enough to search this pro… Continue reading Are there security vulnerabilities with apps/webpages/software while running and unloading from encrypted databases to memory for use?→

Defining Threat Modeling and Its Role in the SDLC

Posted on March 17, 2021 by Veronica Haggar

Threat modeling is one of the most essential, and misunderstood, component of the software development lifecycle. It identifies potential threats and vulnerabilities early on in the process, mitigating the risk of attacks, and reduces the overall cost… Continue reading Defining Threat Modeling and Its Role in the SDLC→

Serious Security: The Linux kernel bugs that surfaced after 15 years

Posted on March 17, 2021 by Paul Ducklin

Anyone could have found these bugs, but everyone assumed someone would, and in the end, no one did. (Until now.) Continue reading Serious Security: The Linux kernel bugs that surfaced after 15 years→

How to Improve Your Cloud and Container Security

Posted on March 15, 2021 by Veronica Haggar

Cloud architecture is the organization of components and capabilities that are necessary in order to leverage the power of cloud resources. Following the recent mass migration to the cloud, organizations are embracing best practices for architecting a… Continue reading How to Improve Your Cloud and Container Security→

Unlock a New Level of Security at Secure Coding Virtual Summit

Posted on March 15, 2021 by Veronica Haggar

A lot of cyberattacks can be prevented by developers who have the right security tools and training. The challenge is that most do not have a full understanding of security best practices. At Secure Coding Virtual Summit, industry-leading AppSec and D… Continue reading Unlock a New Level of Security at Secure Coding Virtual Summit→

C Code with Memory Safety

Posted on February 6, 2021 by Jake

I was recently asked in the following question in an interview: "What are all the possible ways to achieve memory safety while writing C code ?"
I replied about secure versions of APIs. The interviewer said that there are more ap… Continue reading C Code with Memory Safety→

What are reasonable level of security for a interal-use organization application hosted on the cloud?

Posted on January 19, 2021 by Francky_V

I’m working on an small web application (Flask). The application is only for distributed internal usage, e.g. only users with credentials created by the organization will have access to the services beyond the Login page and the organizati… Continue reading What are reasonable level of security for a interal-use organization application hosted on the cloud?→

How is .NET Core isolated storage "secured" on various OS’s?

Posted on December 7, 2020 by TLDR

I’m looking for a consolidated list of how and where isolated storage is managed on each operating system… (Windows, MacOS, Linux, (mobile?), …)
Does such a list exist?
What considerations might be worth considering in conjunction or a… Continue reading How is .NET Core isolated storage "secured" on various OS’s?→

allowing users to add custom html/js code and show it only under another domain

Posted on November 26, 2020 by medBouzid

I have a web app where I allow users to create a one-page portfolio using drag and drop, also I allow them to add custom HTML freely (basically any html or js code)
I’m aware that I shouldn’t allow the custom HTML to be executed while they… Continue reading allowing users to add custom html/js code and show it only under another domain→

Impact of the System Information Leak

Posted on November 26, 2020 by useradmin1234

Our application stored **e.printstacktrace()** in a log file, which is accessible to a specific user group. We need such detailed information for debugging purposes.
As per the security team, they are requesting us to remove such detailed … Continue reading Impact of the System Information Leak→