5 Links for Securing Silverlight

When my page views are extremely positive, it is time to discuss security. Why? Because security is always a way to drive the numbers down.  Let’s face it, no one wants to face the world of security or the discipline.  Tell a potential “partner” that you do software security and it is likely that you…

Free NSA Guidance for Addressing Malicious Code Risk and vocabulary list

Yep, that’s NSA as in National Security Agency, and you don’t have to burn it after reading!  This is a great way to get up to speed on code risks.  Zoom over to GUIDANCE FOR ADDRESSING MALICIOUS CODE RISK (you can tell it is serious because it is all caps). So act now for this publication…

Free samples that help you get started with Azure

[This blog should be viewed from http://blogs.msdn.com/socal-sam] If you want to be a Software Architect then Azure is the one thing you should get up to speed on.  Many decision makers are looking for people who can talk Azure. Click on the picture to start understanding Windows Azure. Free Samples Training Kits Node.js An excellent…

Quant? Quant? Are you a Quant looking for the next big idea? Think Shapes and Motifs in the cloud

Rocket Scientist, Quant, candlestick maker, have you thought about Shapes and Motifs as the next big idea?  Could be; the main question is how you discern patterns in really large datasets.  Take a look at: http://msrvideo.vo.msecnd.net/rmcvideos/103425/dl/103425.pdf for an interesting take on some thinking on how to deal with extremely large datasets.  No algorithms though, which definitely sucks. …

Developer, Development and Virtualization

In my blog “Virtualization is virtually important for your developer virtual skills, really” I mentioned several blogs by friends of mine, and I pointed out that virtualization is one way that a developer can perform testing without cratering their environment.  However, it dawned on me that a developer could also use Test Manager, see:…

Quant? Quant? Kalman Filter and Bayesian for Finance all in one blog post?

What is a Quant?  A Quant, or sometimes Rocket Scientist, is an information specialist who is able to use formulas from the space program, or deep math, to create forecasting systems for Hedge Funds.  An example might be the use of Kalman filters or Dynamic Bayesian Networks or Bayesian Belief Networks (yes that is real,…

Costa Concordia: Modeling ships using FORTRAN in EXCEL? REALLY!

The tragedy of the Costa Concordia really got me to thinking about models and simulations.  Sadly, even the best model or simulation cannot overcome the exceptional case, like a captain who may have decided to override systems meant to prevent errors.  Of course we don’t know if that is the case; the Captain’s decisions will be…

OS Command Injection

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’). See this previous blog for this subject: Software insecurity: Insecure Interaction Between Components. So what is an “OS Command Injection”? (From: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not…

Software Insecurity: SQL Injection code example

Code example of a bad example: SQL Injection using C#. Code Snippet:

    string userName = connection.getAuthenticatedUserName();
    string query = "SELECT * FROM items WHERE owner = '" + userName + "' AND item = '" + ItemName.Text + "'";
    sda = new SqlDataAdapter(query, conn);
    DataTable datatable = new DataTable();
    sda.Fill(datatable);

SELECT * FROM items WHERE…

Software insecurity: Porous Defense

The weaknesses in this category are related to defensive techniques that are often misused, abused, or just plain ignored:

CWE-306 Missing Authentication for Critical Function
CWE-862 Missing Authorization
CWE-798 Use of Hard-coded Credentials
CWE-311 Missing Encryption of Sensitive Data
CWE-807 Reliance on Untrusted Inputs in a Security Decision
CWE-250 Execution with Unnecessary Privileges
CWE-863 Incorrect…