Software craftmanship and Agile management
All about software craftmanship, design and its Agile management
Scooped by yannick grenzinger

Giant Bags of Mostly Water by Konstantin Ryabitsev

Securing your infrastructure by securing your humans.

How to Start With Security

Computer security, or the lack thereof, has made many headlines recently. In this article we'll look at how bad things are and what you, as a software developer, can do about it. It will help get you started or hopefully give you some new ideas if you're already doing some security work.

Excess XSS: A comprehensive tutorial on cross-site scripting

A comprehensive tutorial on cross-site scripting.

Defcon : The History and evolution of malware - YouTube

Visit: http://blog.yakuza112.org/

10 Things You Should Know about Tokens

A couple of weeks ago we published a short article about cookies vs tokens in the context of single page applications, in particular appl...

Secure Coding for the Android Platform

The CERT Secure Coding team, part of the Software Engineering Institute at Carnegie Mellon University, have recently released secure coding guidelines specific to Java's application in the Android platform. InfoQ interviews Lori Flynn, one of the researchers who authored them.

4 HTTP Security headers you should always be using | ibuildings

Knowing what they are and when to apply them can help you increase the security of your system. 


Surviving in a Feudal Security World

Bruce Schneier examines both the challenges and the solutions needed to implement security for enterprises in the cloud.

Secure Salted Password Hashing - How to do it Properly

How to hash passwords properly using salt. Why hashes should be salted and how to use salt correctly.

InfoQ: Comparison of Intrusion Tolerant System Architectures

In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion tolerant system (ITS) architectures and their efficiency for intrusion tolerance and survivability.

Security is a process, not a reaction - Clever Cloud Blog

The latest from Clever Cloud on new features, press, engineering, team, security updates and more.

Security for Continuous Integration.

Right now, we in technology are witnessing the convergence of two competing forces: on one hand, an increasing need for security (as demonstrated by these events last year); on the other, an increasing number of organizations adopting Continuous Integration (CI). In a CI model, code is integrated regularly — usually several times a day — and checked against automated tests.  Coupled with Continuous Delivery and Continuous Deployment, CI is getting code into live applications faster.  While Continuous Integration is improving the agility and speed-to-market of software organizations, that speed can leave developers more vulnerable to security breaches.


Facebook Messenger: Classically Bad AppSec

Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.

In Favour of Self-Signed Certificates | Java Code Geeks

Today I watched the Google I/O presentation about HTTPS everywhere and read a couple of articles, saying that Google is going to rank sites using HTTPS higher. Apart from that, SPDY has mandatory usage of TLS, and it’s very likely the same will be true for HTTP/2. Chromium proposes marking non-HTTPS sites as non-secure. And that’s perfect. Except, it’s not very nice for small site owners. In the presentation above, the speakers say “it’s very easy” multiple times. And it is, you just have to follow a dozen checklists with a dozen items, run your site through a couple of tools and pay a CA 30 bucks per year. I have run a couple of personal sites over HTTPS (non-commercial, so using a free StartCom certificate), and I still shiver at the thought of setting up a certificate. You may say that’s because I’m an Ops newbie, but it’s just a tedious process. But let’s say every site owner will have a webmaster on contract who will renew the certificate every year. What’s the point? The talk

10 Common Software Security Design Flaws

Google, Twitter, and others identify the most common software design mistakes -- compiled from their own organizations -- that lead to security woes and how to avoid them.

OISF 2013 Chris Eagle Reverse Engineering Demystified (a little maybe) (Fixed Audio) - YouTube

Video from OISF 2013. All videos, with downloads, can be found at this link shortly: www.irongeek.com/i.php?page=videos/oisf2013/mainlist http://www.ohioinfo...

Security Affair

Apps are shifting more logic to the client, which is changing the security landscape. These are exciting times for the web.

Security Engineering - A Guide to Building Dependable Distributed Systems


InfoQ: Secure Code Development: A Casualty With Agile?

Agile teams are known to produce reliable and high quality code quickly. However, it is also a fact that pressure to deliver quickly might result in short cut reviews, curtailed testing and lack of attention to secure code.
