Highest Voted 'software-engineering' Questions

11

votes

1 answer

What are some ways to ensure that a cryptography library is reliable in an ecosystem that is new to me?

Cryptography is a core security service, and is generally considered a specialty that is difficult to get right unless one knows what they are doing. Furthermore, cryptography API misuse is rampant and the cause of many security vulnerabilities.…

cryptography programming software-engineering

asked Jun 26 '22 at 06:51

the_endian

1,009
1
8
17

7

votes

2 answers

What makes Adobe formats so vulnerable?

Tools that deal with SWFs, PDFs, OTF... seem to suffer from a disproportionate amount of vulnerabilities. Is the a characteristic in the formats that Adobe creates that makes them more susceptible to be broken? Related: Why are Adobe Flash exploits…

adobe software-engineering

asked Apr 01 '17 at 14:55

Jedi

3,906
2
24
42

5

votes

1 answer

Untraceable software development

My goal is to develop a piece of software which is illegal in my country. Obviously I don't want anyone to be able to trace the code back to me or prove that I developed it after deployment. What precautions would be needed? Which pitfalls need to…

privacy anonymity government tracking software-engineering

asked Jan 04 '20 at 23:22

wuerfelfreak

153
3

3

votes

2 answers

AppSec Developer Certifications

I've noticed that certifications seem to be a big part of the IT Security Professional (non-development), but have not seen the same attention being given/required of the software development engineer that focuses on application security or building…

appsec certification software-engineering

asked Mar 25 '18 at 07:25

danutz_plusplus

61
1
6

2

votes

0 answers

Ethical Hacking/Bug Bounty programs: Best way to get started professionally?

I am self-employed (degree in computer science) and I have been fighting a serious illness for the past several years (and still am) which makes it pretty much impossible to take on client projects as my health is just too erratic and…

professional-education software career bug-bounty software-engineering

asked Sep 02 '18 at 08:23

khaos

121
2

1

vote

2 answers

Security code review recommendations

I've been writing software for ~7 years and have been actively interested in security for ~2-3. This interest has been entirely self-motivated and primarily on the attack side; I've written several FOSS offensive security tools and taken deep dives…

appsec audit code-review static-analysis software-engineering

asked Oct 24 '18 at 00:38

Brannon

135
4

1

vote

1 answer

What is the correct term for the discipline covering software security only?

I'm having trouble finding literature and courses specifically applicable to my field ( as a software developer who works on mobile and web applications ). What term or title best describes the security field that encompasses mostly just the areas…

software-engineering

asked Oct 20 '18 at 18:06

LiamRyan

111
2

1

vote

1 answer

Application and Information Security software development market

This is a question more about how the market is for a software engineer with a focus on application and information security, mainly development and software engineering, either of secure practices while developing apps/systems, or of actual…

appsec professional-education career software-engineering

asked Mar 30 '18 at 07:47

danutz_plusplus

61
1
6

0

votes

1 answer

Software update process (dependencies) in organization

Wondering how other organizations manage software update process. We are a startup, were we try to define components owners, which should update them (security updates etc). This does not to seem to work well. People leave, components are left not…

compliance software risk-management updates software-engineering

asked Jul 23 '20 at 15:44

dev

937
1
8
23

0

votes

0 answers

CORS policy during development

Does the CORS policy add any value during the development phase? Should I develop with CORS on or off? The development is occurring in a distributed environment and there are no local copies of components, only a testing environment where components…

cors software-engineering

asked Mar 24 '20 at 10:42

Cap Barracudas

101
2

0

votes

1 answer

What are security best practices and compliance areas in Agile Software Development process

How do you ensure on a high level that developed software is secure and compliant. We want to introduce a service checklist that will list each item, including "Security and Compliance" section. It will have things/requirements like: No plain-text…

compliance software software-engineering agile

asked Feb 28 '20 at 08:31

dev

937
1
8
23

0

votes

1 answer

How to get gain the knowledge to be a beginner penetration tester on my own?

I want to apply for a job as a penetration tester in a good company. I have a fairly good knowledge of programming and have experience as a back-end developer. I started to work with Burpsuite, ZAP, Metasploitable2, Juiceshop, and I've started to do…

penetration-test exploit-development software-engineering rust

asked Aug 31 '19 at 10:46

chameleon123

1

0

votes

5 answers

Are software vulnerabilities limitless?

Ok. I believe no one has thought of this perspective, so here goes. I really don't understand why software need to be constantly patch for security when programmers do a good and complete job in the first place. Computers are programmed straight…

operating-systems software patching software-engineering

asked Jul 26 '17 at 04:51

Nederealm

113
2

-1

votes

2 answers

What are the best practices to implement secured remote firmware updates over-the-air (OTA)?

Firmware over the air (FOTA) is a generic name for performing firmware updates remotely. Assuming that I have a microcontroller with RW memory and a bootloader, what is the best paradigm to upgrade firmware securely over Bluetooth or similar…

firmware updates embedded-system software-engineering

asked Jan 03 '18 at 14:52

0x90

1,402
2
19
27

Questions tagged [software-engineering]