discussions on software development
#17 Robert Hurlbut, Software security
Summary
Robert Hurlbut and I discuss various aspects of software security.
Details
Background, why security isn’t thought about enough, out-of-the-box security with MVC, XSS, CSRF, model binding and parameter tampering; HTTPS everything or just on parts of a site; Microsoft improving security, open source issues, inclusion of open source in hardware security devices; unmanaged code in web apps; typical weaknesses in software, password security; software review process, threat models, code reviews, fuzz testing; healthcare security, medical devices, attack vectors, Barnaby Jack, how to build secure devices; finding good security professionals, conferences and tradeshows; books; don’t roll your own security; Robert’s presentation at Boston Code Camp.