
Open Source Security


Applications Weakened by Third-party Code - PCWorld Business Center. The use of third-party code in applications represents a big security risk for companies, according to a study from security vendor Veracode. Companies often use code libraries that have been developed from either open-source projects or outsourcing organizations that have been contracted to create applications, said Jason Steer, a solutions architect for Veracode, which specializes in scanning code for vulnerabilities.

Between 30 percent and 70 percent of the code in applications comes from third parties, and that code fails to achieve an acceptable level of security up to 81 percent of the time, according to the study. In general, third-party applications are less secure than internally developed ones on the first submission. "This is a big problem for our customers," Steer said at the Gartner Security and Risk Management Summit in London on Wednesday. The problem is exemplified by Twitter, which saw a cross-site scripting flaw exploited on its site on Tuesday.

Is Open Source Good for Security? There's been a lot of debate by security practitioners about the impact of open source approaches on security. One of the key issues is that open source exposes the source code to examination by everyone, both the attackers and defenders, and reasonable people disagree about the ultimate impact of this situation. (Note - you can get the latest version of this essay by going to the main website for this book.) 2.4.1. View of Various Experts. First, let's examine what security experts have to say. Bruce Schneier is a well-known expert on computer security and cryptography. He argues that smart engineers should "demand open source code for anything related to security" [Schneier 1999], and he also discusses some of the preconditions which must be met to make open source software secure. Elias Levy (Aleph1) is the former moderator of one of the most popular security discussion groups - Bugtraq.

Open Source Security Mother Lode. Open Source Security Tools and Applications news, help and resea. Seven Outstanding Security Pros in 2012: find out who won this year's Security 7 Award, which honors outstanding security professionals in seven vertical markets. Nessus 3 Tutorial: How to use Nessus to identify network vulnerabilities. Learn how to use Nessus, an inexpensive vulnerability scanner, with our Nessus Tutorial Guide.

Heartbleed response: Tech giants to fund OpenSSL, other projects. A number of tech giants have pledged financial help to OpenSSL and other open source projects after the Heartbleed bug exposed numerous issues. About Open Source Security Tools and Applications. Open source security testing tools (Opensourcetesting.org). Babel Enterprise. Description: Babel Enterprise manages the risk, dividing it by domains (groups or organizations), assets and policies.

Requirement: Linux, Solaris, WinXP, HP-UX, IBM AIX.
BFBTester - Brute Force Binary Tester. BFBTester is good for doing quick, proactive security checks of binary programs. Requirement: POSIX, BSD, FreeBSD, OpenBSD, Linux.
Brakeman. Brakeman is an open source vulnerability scanner specifically designed for Ruby on Rails applications. Requirement: Rails 3.
130 protocol interfaces and formats.
Flawfinder. Requirement: Python 1.5 or greater.
Gendarme. Requirement: .NET (Mono or MS runtime).
Nessus.
Web Test Tools. More than 540 tools listed in 14 categories. Organization of Web Test Tools Listing - this tools listing has been loosely organized into the following categories. Note: Categories are not well-defined and some tools could have been listed in several categories; the 'Web Site Management Tools' category includes products that contain: site version control tools, combined utilities/tools, server management and optimization tools, and authoring/publishing/deployment tools that include significant site management or testing capabilities.

Suggestions for category improvement are welcome; see bottom of this page to send suggestions. Check listed tool/vendor sites for latest product capabilities, supported platforms/servers/clients, etc; new listings are periodically added to the top of each category section; date of latest update is shown at bottom of this page. Load and Performance Test Tools LoadView - Cloud-based, fully-managed performance testing tool from Dotcom-Monitor.