Questions tagged [software-engineering]

14 questions
11 votes · 1 answer

What are some ways to ensure that a cryptography library is reliable in an ecosystem that is new to me?

Cryptography is a core security service, and is generally considered a specialty that is difficult to get right unless one knows what they are doing. Furthermore, cryptography API misuse is rampant and the cause of many security vulnerabilities.…
the_endian • 1,009 • 1 • 8 • 17
7 votes · 2 answers

What makes Adobe formats so vulnerable?

Tools that deal with SWFs, PDFs, OTF... seem to suffer from a disproportionate amount of vulnerabilities. Is there a characteristic in the formats that Adobe creates that makes them more susceptible to being broken? Related: Why are Adobe Flash exploits…
Jedi • 3,906 • 2 • 24 • 42
5 votes · 1 answer

Untraceable software development

My goal is to develop a piece of software which is illegal in my country. Obviously I don't want anyone to be able to trace the code back to me or prove that I developed it after deployment. What precautions would be needed? Which pitfalls need to…
3 votes · 2 answers

AppSec Developer Certifications

I've noticed that certifications seem to be a big part of the IT Security Professional (non-development), but have not seen the same attention being given/required of the software development engineer that focuses on application security or building…
2 votes · 0 answers

Ethical Hacking/Bug Bounty programs: Best way to get started professionally?

I am self-employed (degree in computer science) and I have been fighting a serious illness for the past several years (and still am) which makes it pretty much impossible to take on client projects as my health is just too erratic and…
1 vote · 2 answers

Security code review recommendations

I've been writing software for ~7 years and have been actively interested in security for ~2-3. This interest has been entirely self-motivated and primarily on the attack side; I've written several FOSS offensive security tools and taken deep dives…
1 vote · 1 answer

What is the correct term for the discipline covering software security only?

I'm having trouble finding literature and courses specifically applicable to my field (as a software developer who works on mobile and web applications). What term or title best describes the security field that encompasses mostly just the areas…
LiamRyan • 111 • 2
1 vote · 1 answer

Application and Information Security software development market

This is a question more about how the market is for a software engineer with a focus on application and information security, mainly development and software engineering, either of secure practices while developing apps/systems, or of actual…
0 votes · 1 answer

Software update process (dependencies) in organization

Wondering how other organizations manage the software update process. We are a startup, where we try to define component owners, who should update them (security updates etc.). This does not seem to work well. People leave, components are left not…
dev • 937 • 1 • 8 • 23
0 votes · 0 answers

CORS policy during development

Does the CORS policy add any value during the development phase? Should I develop with CORS on or off? The development is occurring in a distributed environment and there are no local copies of components, only a testing environment where components…
0 votes · 1 answer

What are security best practices and compliance areas in the Agile software development process?

How do you ensure, at a high level, that developed software is secure and compliant? We want to introduce a service checklist that will list each item, including a "Security and Compliance" section. It will have things/requirements like: No plain-text…
dev • 937 • 1 • 8 • 23
0 votes · 1 answer

How to gain the knowledge to be a beginner penetration tester on my own?

I want to apply for a job as a penetration tester in a good company. I have a fairly good knowledge of programming and have experience as a back-end developer. I started to work with Burpsuite, ZAP, Metasploitable2, Juiceshop, and I've started to do…
0 votes · 5 answers

Are software vulnerabilities limitless?

Ok. I believe no one has thought of this perspective, so here goes. I really don't understand why software needs to be constantly patched for security when programmers do a good and complete job in the first place. Computers are programmed straight…
-1 votes · 2 answers

What are the best practices to implement secured remote firmware updates over-the-air (OTA)?

Firmware over the air (FOTA) is a generic name for performing firmware updates remotely. Assuming that I have a microcontroller with RW memory and a bootloader, what is the best paradigm to upgrade firmware securely over Bluetooth or similar…
0x90 • 1,402 • 2 • 19 • 27