I recently bought and read a box set of books on security (Building Secure Software: How to Avoid Security Problems the Right Way, Exploiting Software: How to Break Code, and Software Security: Building Security In). Although I think that the contents of these books will be useful for years to come, the authors do acknowledge that the wo...
I am thinking about attending software security training and getting a software security certificate (or IT security in general). I am in the Boston, MA area. I am new to the software security field and need to know this field for my current project and/or a future job.
Any suggestions about the training and certificate?
Thanks,
EDIT:
How about this ...
I'm doing research on the capabilities of static analysis, and at the moment I'm in the process of gathering code snippets which contain subtle vulnerabilities.
By that I mean not the obvious XSS and SQLI, but more subtle ones like below:
$url = htmlspecialchars($_GET["url"]);
echo "<a href=$url>Click here to continue</a>";
$url = htmls...
I'm implementing a system which uses role-based access to different methods in classes. For example, to perform any action I need to check whether the user who uses it can do it.
I can write in each method:
if(User.IsInRole ...) {
} else {
return ... throw ... whatever
}
I was thinking about automating this process for example by adding a...