Weighing in usability and security

Last Friday I held a class on finding web vulnerabilities for my colleagues. The presentation was laid out in four segments. The first segment covered why we’ve launched the initiative to find web vulnerabilities in our products. Next was a PowerPoint presentation on what to look for and general precautions. Then I demoed the scanner tool we’ve chosen and the […]

Shell Shock Vulnerability

You’ve probably read the news about the Shell Shock vulnerability this morning. Yup, we’ve got a new one on our hands. A problem newly discovered, but one that has existed for 22 years. The CVE-2014-6271 summary states: “GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to […]
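The CVE summary quoted above describes the mechanism: a variable whose value starts with a function definition is imported by bash, and an unpatched bash also runs whatever trails the closing brace. The following is an added example, not code from the original post; it wraps the widely circulated self-test string in a small check function. The function name and the result words are my own; the test string is the public one.

```shell
#!/usr/bin/env sh
# Added example (not from the original post): self-test for CVE-2014-6271.
# The environment variable x holds a bash function definition followed by a
# trailing command. An unpatched bash executes that trailing command while
# importing x from the environment; a patched bash only sees a plain string.

shellshock_check() {
    # Bash to test: first argument, otherwise whatever is on PATH.
    bash_bin="${1:-$(command -v bash 2>/dev/null)}"
    if [ -z "$bash_bin" ] || [ ! -x "$bash_bin" ]; then
        echo "bash-not-found"
        return 2
    fi

    # Run the child with an empty environment so nothing else interferes.
    # "vulnerable" can only appear if the trailing echo was executed during
    # environment import; "check-done" shows the child bash actually ran.
    # stderr is discarded because patched versions may warn about the
    # ignored definition.
    out="$(env -i x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo check-done' 2>/dev/null)"

    case "$out" in
        *vulnerable*) echo "vulnerable";     return 1 ;;
        *check-done*) echo "not-vulnerable"; return 0 ;;
        *)            echo "inconclusive";   return 3 ;;
    esac
}

# Run the check against the default bash when the script is executed directly.
shellshock_check "$@" || true
```

The exit code mirrors the printed result (0 patched, 1 vulnerable, 2 no bash found), so the function can be dropped into a fleet-wide inventory script and the result grepped or acted on. Note that this only tests the original CVE-2014-6271 behaviour; the follow-up CVEs that the initial patch left open need their own checks.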

Heartbleed and the way forward

This week the world saw a serious vulnerability manifest itself. Of course we are talking about the infamous Heartbleed vulnerability. By now it should need no further introduction. In the wake of it various recommendations and thoughts are beginning to emerge. I stumbled upon a blog entry yesterday where the author tries to combine Heartbleed with lack […]

Security layers above framework level

Modern software development can be, IMHO, summarized as the utilization of various frameworks. Gone are the days when we had none and had to reinvent the wheel on a per-project basis. Since my humble beginnings in the software industry I have seen various frameworks have a greater and greater impact on my day-to-day programming style. Instead of […]

New pages to this blog

After pondering how to further showcase myself, I have today decided to add two pages to this blog. Firstly, I’ve added a page where I will give an introduction to various tools I use at work. It won’t be anything fantastic, just a page with a brief explanation of the tools I find valuable. […]

Use try … catch and setters, please.

An emergency import occurred yesterday. X thousands of millions of entries had to find their way into the database. I put on my superman lederhosen and started cranking. Two minutes after starting, everything went completely bonkers. The damned import spewed out errors upon errors in the log. “Holy MAC-arel!” I shouted and spat violently on the floor(). […]

