In this article, the author discusses three techniques to defend against malicious users in software systems. These techniques include creating personas to think strategically about the mischief a malicious user might attempt, misuse cases used to determine how the software should respond to unintended use, and activity diagrams annotated with security concerns.
Dennis Sosnoski explains how supposedly-secure connections can be downgraded to the point where they are easily broken and how even at full strength most forms of encryption are vulnerable to data capture and later decryption if your private keys are exposed. In this article you'll learn some ways of making it more difficult for anyone to see or alter your data exchanges.
In this article, Rohit Sethi discusses one of the biggest risks with software security, the opaque nature of verification tools and processes, and the potential for false negatives not covered by the different verification techniques. He also talks about some examples of security requirements and examines how common verification methods apply to them.
In this article, the authors discuss security in the software development life cycle and how to defend against web application vulnerabilities using white-box analysis and black-box testing techniques.
In this IEEE article, authors Quyen L. Nguyen and Arun Sood discuss three types of intrusion-tolerant system architectures and their efficiency for intrusion tolerance and survivability.
NoSQL databases have been getting a lot of attention lately, but NoSQL data security is not given much emphasis. This article focuses on the security considerations in accessing NoSQL databases.
In this IEEE article, author John Diamant talks about improving the security quality of software applications using techniques like security requirements gap analysis and architectural threat analysis.
This article discusses significant new threats to host agents, outlines a generic architecture for malware detection, based on enhanced cloud computing, and outlines enhanced computing solutions.
Botnets are the latest scourge to hit the Internet, and this article presents several promising anti-botnet defense strategies that specifically target current and emerging trends.