Tuesday, June 24, 2008

AppCodeScan 1.2 - Posted...

We did some source code assessment and on the basis of it .NET application rules are added. Can download and play around with the tool.

Link to tools page

Wednesday, June 11, 2008

Secure Application Coding Training at Syscan Singapore

[1st July 2008] Syscan - Singapore
Secure Application Coding Training

Application source code, independent of languages and platforms, is a major source for vulnerabilities. One of the CSI surveys on vulnerability distribution suggests that 64% of the time, a vulnerability crops up due to programming errors and 36% of the time, due to configuration issues. According to IBM labs, there is a possibility of at least one security issue contained in every 1,500 lines of code. To avoid these sort of security issues one needs to follow sound secure coding and design principals. It is also imperative to know code review methodologies and strategies to assess the quality of code before deploying to the production. The course is designed by the author of "Web Hacking: Attacks and Defense", “Hacking Web Services” and “Web 2.0 Security – Defending Ajax, RIA and SOA” bringing his experience in application security and research as part of curriculum.

Secure Coding course for Applications is hands-on class. The class features real life cases, hands one exercises, code scanning tools and defense plans. Participants would be methodically taken down to the source code level and exposed to the flaws in design and coding practices. The class would then focus on what are the proper ways of writing secure code and analyze the code base. This class addresses popular languages and platforms like VB/C# (.NET), Java(J2EE), PHP, ASP etc.