Software Security

Dev Overflow – Part 9

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 8 Example of XSS that would redirect a victim browsing a particular blog page to the given malicious site. Yep, it is still here, and here to stay! What are we talking about today? A7 - Cross-Site Scripting (XSS) "XSS flaws [...]

Securing Automobile Control Systems Part 1

By Kevin Lackey, OT, ICS & SCADA Cyber Security Principal. Driving (pun intended) towards a Minimum Security Standard for automotive control systems is more important than ever, as these systems are quickly becoming fully independent from human control. Within 20 years of the advent of computer-regulated electronic fuel injection, first mass produced and available to [...]

Dev Overflow – Part 8

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 7 This is yet another example of why (software) security cannot be just a checkbox. While it is, more generally, a way of thinking, here it specifically takes the form of an ongoing process - a process that should have only one possible [...]

Dev Overflow – Part 7

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 6 As previous posts demonstrate, (software) security is a state of mind and not a checkbox to be marked off to meet some criteria, and definitely not something to be added on top of a completed product. The issue of broken [...]

Dev Overflow – Part 6

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 5 As the following meme suggests, if you fail to disallow arbitrary execution or even inclusion of untrusted instructions in your programs, you really are going to have a bad time that will likely cost you dearly at some point. A4 [...]

Dev Overflow – Part 5

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 4 Is your application vulnerable to sensitive data exposure? To answer that question, we need to know if it is storing sensitive data. Naturally, we cannot answer the latter without knowing what those sensitive data are in a given context. A3 [...]

Dev Overflow – Part 4

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. This post is a direct continuation of my previous post on broken authentication and session management, which was split into two parts. You might want to review Part 3 (Back to Part 3) before proceeding. A2 - Broken Authentication (Cont.) Source: an "Office Space" [...]

Dev Overflow – Part 3

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 2 Restating the main point of this entire blog series, security is about a human's way of thinking and a human's frame of mind - not about steel doors, firewalls, intrusion prevention, or intrusion detection systems. Although those tools will certainly help detect and mitigate [...]

Dev Overflow – Part 2

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Back to Part 1 Like all areas of security, software security is a state of mind and a way of thinking. It should not be a goal to be achieved or a checkbox to be checked. Developers must weave it into their software from [...]

Dev Overflow – Part 1

By Mikhail Sudakov, Cyber Security Architect and Analyst, LEO Cyber Security. Typical computer science graduates (our software engineers of tomorrow) may be fair logicians and problem solvers; alas, they have at best very little knowledge of software security. Unfortunately, unsafe coding blunders are seen left and right. Today's machines are as powerful as they are dumb. [...]