Do I Need to Fuzz For the SDL? Black box fuzz testing is a requirement of the Verification phase of the SDL, the industry-leading software security assurance process created by Microsoft and proven effective since 2004. Given diligent application of the required security activities in the Design and Implementation phases, fuzzing done at the Verification phase confirms that […]
Read More… from BeSTORM: Fuzzing and the Microsoft Security Development Lifecycle (SDL)
Hackers vs. Applications A homeowner secures his house with a lock that can only be opened with the correct key. A burglar may ignore the complexities of lock-picking and instead slide a flexible plastic sheet through the gap between the door and the door jamb to push the latch back. In other words, […]
Read More… from Buffer Overflows Discovery with Fuzzing
Why is Software Testing Important for Aviation? Software for aircraft systems, from navigation to the in-flight entertainment system, must be shown to react safely to every possible input, whether or not the designers predicted it. Safe operation of an aircraft depends upon every component being able to operate not only when receiving expected […]
Read More… from Dynamic Aviation Software Testing
What Is CVSS? The Common Vulnerability Scoring System (CVSS) is an open, free-to-use industry standard for rating the severity of software security vulnerabilities, and it is used by vulnerability management software. CVSS assigns each vulnerability a score according to the seriousness of the threat. Scores are computed from several metrics and range from 0 to 10, with the most severe score […]
Read More… from CVSS Explained
About CVE (Common Vulnerabilities and Exposures) CVE gives common names to publicly known security issues or vulnerabilities. The objective of CVE is to make it simpler to share information across different databases and to provide a common baseline for evaluating security tools. What is a CVE scan? CVE depends on freely accessible […]
Read More… from CVE Explained
Fuzzing as a fundamental software security test The goal of fuzzing is to analyze a target as thoroughly as possible and uncover new and unknown vulnerabilities in applications, files and hardware. True fuzzing does not work from a pre-designed set of test cases, look for particular attack signatures or attempt to locate known vulnerabilities in products. Fuzzing is […]
Read More… from Fuzzing in the Enterprise
What is Fuzzing in Cybersecurity? Unlike most dynamic application security testing tools, black box fuzzers do not look for certain attack signatures or attempt to locate known vulnerabilities in products, but rather deliver the widest possible range of unexpected input in order to uncover new and unknown vulnerabilities in network products. When you need more than vulnerability management […]
Read More… from Fuzzing in Cybersecurity Guide
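As an added example (not code from the original page, from BeSTORM or from the linked articles), the following Python script shows the mechanics behind the two fuzzing teasers above and the buffer-overflow teaser earlier on this page: a fuzzer that knows nothing about the target's bugs, generates a wide range of unexpected inputs from a single valid seed message, and reports any input the target fails to handle. The target, its record format and the seed message are all constructed for this example. Its bug is the classic one: the parser trusts an attacker-controlled length field when copying into a fixed-size buffer. In C that would be a memcpy past the end of a stack buffer; here Python raises IndexError instead of corrupting memory, which is what lets the harness observe it.

```python
import random

# --- Constructed target: a toy length-prefixed message parser.
# Record layout: 1 byte type | 2 bytes big-endian length | payload.
BUFFER_SIZE = 16


def parse_message(data: bytes) -> dict:
    if len(data) < 3:
        raise ValueError("message too short")          # expected rejection
    msg_type = data[0]
    length = int.from_bytes(data[1:3], "big")
    payload = data[3:3 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")          # expected rejection
    if msg_type == 1:
        buf = bytearray(BUFFER_SIZE)
        for i, b in enumerate(payload):                # BUG: length is never checked
            buf[i] = b                                 # against BUFFER_SIZE
        return {"type": msg_type, "data": bytes(buf)}
    return {"type": msg_type, "data": payload}


def encode(msg_type: int, payload: bytes) -> bytes:
    return bytes([msg_type]) + len(payload).to_bytes(2, "big") + payload


# --- Fuzzer: no signatures, no known-bug list, just unexpected input.
BOUNDARY_LENGTHS = [0, 1, 15, 16, 17, 255, 256, 4096]
INTERESTING_BYTES = [0x00, 0x01, 0x7F, 0x80, 0xFF]


def generate(rng, seed_type, seed_payload):
    """Build one test case from the seed, applying one or two mutations that
    are either structure-aware (fields stay consistent) or raw byte-level."""
    msg_type, payload = seed_type, seed_payload
    for _ in range(rng.randint(1, 2)):
        choice = rng.randrange(5)
        if choice == 0:      # resize payload to a boundary length; length field follows
            n = rng.choice(BOUNDARY_LENGTHS)
            payload = bytes(rng.randrange(256) for _ in range(n))
        elif choice == 1:    # replace one payload byte with an interesting value
            if payload:
                i = rng.randrange(len(payload))
                payload = payload[:i] + bytes([rng.choice(INTERESTING_BYTES)]) + payload[i + 1:]
        elif choice == 2:    # change the record type
            msg_type = rng.randrange(256)
        elif choice == 3:    # raw: lie in the length field, leave the payload alone
            raw = encode(msg_type, payload)
            n = rng.choice(BOUNDARY_LENGTHS + [65535])
            return raw[:1] + n.to_bytes(2, "big") + raw[3:]
        else:                # raw: flip one bit anywhere in the encoded message
            raw = bytearray(encode(msg_type, payload))
            i = rng.randrange(len(raw))
            raw[i] ^= 1 << rng.randrange(8)
            return bytes(raw)
    return encode(msg_type, payload)


def run_one(data: bytes):
    """Return None when the target handled the input (accepted it or rejected
    it through its declared error path), else the unexpected exception."""
    try:
        parse_message(data)
    except ValueError:
        return None                  # declared rejection path, not a bug
    except Exception as exc:         # anything else is a crash worth reporting
        return exc
    return None


def fuzz(iterations=3000, seed=1):
    """Run the campaign; returns {(exception, type, length): first crashing input}."""
    rng = random.Random(seed)
    seed_type, seed_payload = 1, b"hello"   # constructed valid seed message
    crashes = {}
    for _ in range(iterations):
        case = generate(rng, seed_type, seed_payload)
        exc = run_one(case)
        if exc is not None:
            key = (type(exc).__name__, case[0], int.from_bytes(case[1:3], "big"))
            crashes.setdefault(key, case)  # keep the first input per unique crash
    return crashes


if __name__ == "__main__":
    for (name, t, n), case in sorted(fuzz().items()):
        print(f"{name}: type={t} length={n} input={case[:24].hex()}...")
```

Two points the script illustrates that the teasers only state. First, the only inputs that matter are the ones the parser's own validation lets through: a length field that claims more bytes than are present is rejected cleanly, so the crashing cases are those where the length field and payload agree but exceed the buffer, which is why structure-aware mutations find this class of bug far faster than blind bit flips. Second, the harness distinguishes a declared rejection (ValueError) from everything else; against a real network service the equivalent signal is a crashed or unresponsive process, which is what a black box fuzzer monitors for.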
Frequently Asked Questions What is SQL Injection? SQL injection is currently the most common form of website attack because web forms are very common, they are often not coded properly, and the hacking tools used to find and exploit such weaknesses are freely available online. This kind of exploit is easy enough […]
Read More… from SQL Injection Scanner Tools
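As an added example (not code from the original page or from the SQL Injection Scanner Tools article), the following Python script shows the coding mistake the teaser refers to and the check a scanner makes to find it: a login query built by string concatenation next to the same query using bound parameters, and a small probe that submits tautology payloads and reports which ones grant access. The SQLite table, the user records and the payload list are constructed for this example; sqlite3 stands in for whatever database the web form talks to.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse'), ('bob', 'hunter2')")
    return conn


def vulnerable_login(conn, username, password):
    """Form input is pasted into the SQL text, so quotes and comment markers
    in the input become part of the query's syntax."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def safe_login(conn, username, password):
    """Parameterized query: values travel separately from the SQL text, so a
    quote in the input is compared as data and never parsed as syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Constructed scanner payloads submitted in the username field with a wrong
# password. The third one fails against this query because AND binds tighter
# than OR, so it only succeeds when the password field is injected as well.
PAYLOADS = ["' OR 1=1--", "alice'--", "' OR '1'='1"]


def probe(conn, login):
    """Scanner-style check: return the payloads that log in without a valid
    password. A database error on a payload is also a finding (it means the
    input reached the SQL parser), so it is reported separately."""
    bypasses, errors = [], []
    for payload in PAYLOADS:
        try:
            if login(conn, payload, "not-the-password"):
                bypasses.append(payload)
        except sqlite3.Error as exc:
            errors.append((payload, str(exc)))
    return bypasses, errors


if __name__ == "__main__":
    db = make_db()
    print("vulnerable_login bypassed by:", probe(db, vulnerable_login)[0])
    print("safe_login bypassed by:      ", probe(db, safe_login)[0])
```

The probe is the core of what an injection scanner automates: send inputs that would change the query's meaning, and compare the response with a baseline request. Real scanners add time-based and boolean-based blind variants for pages that return no visible difference, but the decision rule is the same as the one in probe().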
Never-ending Vulnerabilities The digital age has opened the door to a seemingly endless number of cybersecurity vulnerabilities. To help keep track, the Open Web Application Security Project® (OWASP) publishes a Top 10 list of the most critical web application security risks, covering both long-known and newly emerging vulnerability categories. Focused on software security, OWASP is an online community that provides documentation and other reference tools […]
Read More… from Top Web Application Vulnerabilities
This article was originally published on Help Net Security on August 1, 2019. Microsoft has recently stated that mandatory password changing is an ancient and obsolete practice. This goes directly against everything we were trained to think for the last couple of decades, and against most compliance directives, including some of the most dominant security […]
Read More… from Microsoft is Right, Mandatory Password Changes are Obsolete