3 Things That Improved With CVSSv3

A key pillar of any well-defined software security program is an effective vulnerability management system. An integral part of such a system is a uniform scoring function so vulnerabilities can be...

Secure Coding 101: Remediating SQL Injection Vulnerabilities

Injection is the first item in the OWASP Top 10 list for good reasons: We still find very often that developers concatenate user input into SQL queries (which is the basis for SQL injection) and th...

Secure Coding 101: 4 Common Mistakes Developers Make When Fixing Cross-Site Scripting

Even though awareness of web security issues has been on the rise, preventing and fixing XSS issues throughout an application is not always completely straightforward - especially if security was ...

Attack Models (BSIMM6 Part 5)

"A good decision is based on knowledge and not on numbers." - Plato TL;DR: The Attack Model practice is the first of three practices in the BSIMM6 Intelligence domain. The goal of this pr...

Software Security Training (BSIMM6 Part 4)

“Without continual growth and progress, such words as improvement, achievement, and success have no meaning.” – Benjamin Franklin TL;DR: The Software Security Training practice is the thi...

Compliance & Policy (BSIMM6 Part 3)

“Surround yourself with the best people you can find, delegate authority, and don't interfere as long as the policy you've decided upon is being carried out.” – Ronald Reagan TL;DR: The C...

Strategy & Metrics (BSIMM6 Part 2)

“There is nothing so useless as doing efficiently that which should not be done at all.” – Peter F. Drucker TL;DR: The Strategy & Metrics practice is the first practice of the BSIMM6 Gove...

Building Security In Maturity Model (BSIMM) - Part 1

“However beautiful the strategy, you should occasionally look at the results.” – Winston Churchill Software security is becoming a major concern for organisations around the world, but more often ...

5 Rules For Becoming a Successful Security Researcher

Entering the field of security research can feel overwhelming at first. Having worked with many aspiring hackers, I often hear people doubting their own potential. It usually goes like this: "I can...

Aztech FG7008GR(AC) Router Update

The Aztech FG7008GR(AC) Remote Command Injection vulnerability has been fixed and the new firmware (322.6s.2-009) can be downloaded at: http://www.aztech.com/support/index.php/networking-product...