Resources
Show 032 - An Interview with Jeremiah Grossman
The 32nd episode of The Silver Bullet Security Podcast features founder and Chief Technology Officer of WhiteHat Security, Jeremiah Grossman. Gary and Jeremiah discuss clickjacking, cross-site request forgery, why 50% of web problems can’t be discovered reliably automatically, and which conferences Jeremiah most enjoyed on his 2008 world tou...
Web application security versus software security
I have been known to take the Web application security community to task for a myopic focus on Web and Web only. Being constrained by HTTP does serve to make things pretty easy! Lately, I have adjusted my thinking. Jeremiah Grossman and I cross paths out there on the evangelism circuit pretty often and [...]...
Publications and Presentations
The resources gathered here are designed to provide additional technical and/or background information on Cigital's approach to protecting companies from the severe business risks of failed or flawed software.
Books: Cigital's experts have authored numerous books on cutting-edge software reliability, security and quality techniques.
Publications: Hundreds of published trade and technical papers about software security, reliability and quality.
Software Security Articles by Cigital Experts: Software security-themed articles previously published in IEEE Security & Privacy and Network Magazine.
White Papers: Cigital experts discuss the importance of protecting your business from the severe consequences of software failure.
Also...
Cigital Java Security Rulepack: Cigital developed a set of custom Java rules for the Fortify Source Code Analyzer (version 4.5 or later) to help automate source code review. This rule pack extends the set of Java rules Fortify already supports: it builds on Fortify's default rules by checking for additional security vulnerabilities.
Virtual Forge's Security Lessons (mirror):
Example 1: Car Auction, Example 2: Online Application, Cross Site Request Forgery, Forceful Browsing
