Questions tagged [software-engineering]
14 questions
11
votes
1 answer
What are some ways to ensure that a cryptography library is reliable in an ecosystem that is new to me?
Cryptography is a core security service, and is generally considered a specialty that is difficult to get right unless one knows what they are doing. Furthermore, cryptography API misuse is rampant and the cause of many security vulnerabilities.…
the_endian
- 1,009
- 1
- 8
- 17
7
votes
2 answers
What makes Adobe formats so vulnerable?
Tools that deal with SWFs, PDFs, OTF... seem to suffer from a disproportionate amount of vulnerabilities. Is there a characteristic in the formats that Adobe creates that makes them more susceptible to being broken?
Related:
Why are Adobe Flash exploits…
Jedi
- 3,906
- 2
- 24
- 42
5
votes
1 answer
Untraceable software development
My goal is to develop a piece of software which is illegal in my country. Obviously I don't want anyone to be able to trace the code back to me or prove that I developed it after deployment.
What precautions would be needed? Which pitfalls need to…
wuerfelfreak
- 153
- 3
3
votes
2 answers
AppSec Developer Certifications
I've noticed that certifications seem to be a big part of the IT Security Professional (non-development), but have not seen the same attention being given/required of the software development engineer that focuses on application security or building…
danutz_plusplus
- 61
- 1
- 6
2
votes
0 answers
Ethical Hacking/Bug Bounty programs: Best way to get started professionally?
I am self-employed (degree in computer science) and I have been fighting a serious illness for the past several years (and still am) which makes it pretty much impossible to take on client projects as my health is just too erratic and…
khaos
- 121
- 2
1
vote
2 answers
Security code review recommendations
I've been writing software for ~7 years and have been actively interested in security for ~2-3. This interest has been entirely self-motivated and primarily on the attack side; I've written several FOSS offensive security tools and taken deep dives…
Brannon
- 135
- 4
1
vote
1 answer
What is the correct term for the discipline covering software security only?
I'm having trouble finding literature and courses specifically applicable to my field (as a software developer who works on mobile and web applications). What term or title best describes the security field that encompasses mostly just the areas…
LiamRyan
- 111
- 2
1
vote
1 answer
Application and Information Security software development market
This is a question more about how the market is for a software engineer with a focus on application and information security, mainly development and software engineering, either of secure practices while developing apps/systems, or of actual…
danutz_plusplus
- 61
- 1
- 6
0
votes
1 answer
Software update process (dependencies) in organization
Wondering how other organizations manage the software update process.
We are a startup, where we try to define component owners, who should update them (security updates etc.).
This does not seem to work well. People leave, components are left not…
dev
- 937
- 1
- 8
- 23
0
votes
0 answers
CORS policy during development
Does the CORS policy add any value during the development phase? Should I develop with CORS on or off? The development is occurring in a distributed environment and there are no local copies of components, only a testing environment where components…
Cap Barracudas
- 101
- 2
0
votes
1 answer
What are security best practices and compliance areas in the Agile software development process?
How do you ensure on a high level that developed software is secure and compliant?
We want to introduce a service checklist that will list each item, including "Security and Compliance" section.
It will have things/requirements like:
No plain-text…
dev
- 937
- 1
- 8
- 23
0
votes
1 answer
How to gain the knowledge to be a beginner penetration tester on my own?
I want to apply for a job as a penetration tester in a good company. I have a fairly good knowledge of programming and have experience as a back-end developer.
I started to work with Burpsuite, ZAP, Metasploitable2, Juiceshop, and I've started to do…
0
votes
5 answers
Are software vulnerabilities limitless?
Ok. I believe no one has thought of this perspective, so here goes.
I really don't understand why software needs to be constantly patched for security when programmers do a good and complete job in the first place. Computers are programmed straight…
Nederealm
- 113
- 2
-1
votes
2 answers
What are the best practices to implement secured remote firmware updates over-the-air (OTA)?
Firmware over the air (FOTA) is a generic name for performing firmware updates remotely.
Assuming that I have a microcontroller with RW memory and a bootloader, what is the best paradigm to upgrade firmware securely over Bluetooth or similar…
0x90
- 1,402
- 2
- 19
- 27