Company Blog
Sharing architecture ideas with the community
We’re pleased to have a guest blogger for this Justice League entry. Michael Cohen is a Senior Security Consultant at Cigital where he is responsible for leading, assessing, architecting and implementing secure software for Fortune 500 companies. Michael also works with Cigital teams on enterprise-wide security solutions intended to improve an organization’s security posture and [...]
Software, the New Insider Threat
The insider threat has always been invoked and then ignored by computer security types. That kind of treatment may have worked (accidentally) during the network security days, but such old-fashioned thinking is quickly becoming a problem as distributed software becomes more complex. The problem is really one of trust, and the new insider is built [...]
Mitigating XSS – Why Input Validation is Bogus
Ask any security guy/gal about how to best mitigate cross-site scripting (XSS) and what is the answer? It’s some variation on validating input. Look at my own writings about this topic and what will you find? Variations on the input validation theme. Input validation is a great solution for new applications, but it’s a horrible [...]
Stop saying input validation
So it seems like almost everywhere you turn for advice about securing programs or resolving known security problems leads you to a ‘security guy’ telling you something along the lines of ‘well, you have to validate your inputs to prevent these kinds of issues’. Perhaps I’ve heard it too many times or perhaps I’m just [...]
