5 top links: Security in Windows 8

Wow, Security in Windows 8 is going to move the needle. Here are 5 of the links I
- Protecting you from malware
- Protecting your digital identity
- Signing in with a picture password
- Optimizing picture password security (Keep your screen clean if you use this one!)
- http://code.msdn.microsoft.com/windowsdesktop/Security-Sample-42013a3b
Nice. Looks like a lot of work for all…


5 Links for Securing Silverlight

When my page views are extremely positive, it is time to discuss security. Why? Because security is always a way to drive the numbers down. Let’s face it, no one wants to face the world of security or the discipline. Tell a potential “partner” that you do software security and it is likely that you…


Free NSA Guidance for Addressing Malicious Code Risk and vocabulary list

Yep, that’s NSA as in National Security Agency, and you don’t have to burn it after reading! This is a great way to get up to speed on code risks. Zoom over to GUIDANCE FOR ADDRESSING MALICIOUS CODE RISK (you can tell it is serious because it is all caps). So act now for this publication…


OS Command Injection

Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’). See this previous blog for this subject: Software insecurity: Insecure Interaction Between Components. So what is an “OS Command Injection”? (From: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not…


Software Insecurity: SQL Injection code example

Code example of a bad example: SQL Injection using C#. The query is built by string concatenation, so the user-controlled item name becomes part of the SQL text:

    string userName = connection.getAuthenticatedUserName();
    string query = "SELECT * FROM items WHERE owner = '" + userName + "' AND item = '" + ItemName.Text + "'";
    sda = new SqlDataAdapter(query, conn);
    DataTable datatable = new DataTable();
    sda.Fill(datatable);

SELECT * FROM items WHERE…


Software Insecurity: Risky Resource Management

The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources.
- CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
- CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
- CWE-494 Download of Code Without Integrity…


Software insecurity: Insecure Interaction Between Components

The top 6 software insecurities, with links.
- CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
- CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
- CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
- CWE-434 Unrestricted Upload of File with Dangerous Type
- CWE-352 Cross-Site…


Costa Concordia: Mathematical Model of the Submarine

Hopefully the Costa Concordia won’t become a submarine, but the only readily available control system design document that I could find easily was from MIT: Multivariable control system design for a submarine. The copy isn’t printable since the document was generated in 1976; here is the diagram of the submarine. Reference frame: When doing design, even…


Browser security: Chrome has the most security vulnerabilities

Well, I did my occasional checking up on browser security over the past three months with the various browsers. Graphs and a better post can be seen at Jerry Nixon’s blog, leave nice comments there, bad comments here. 🙂 http://jerrytech.blogspot.com/2011/10/browser-security-vulnerabilities.html?showComment=1319491458139#c836912712036008830 <<< Cheesy graphic which has little to do with the post …
