Tuesday, October 5, 2010

Notes from Java security training

Threat Modeling:
Use the Microsoft SDL Threat Modeling Tool to understand the potential threats to a system. There are usually four steps: (1) Draw Diagrams, (2) Analyze Model, (3) Describe Environment, (4) Generate Reports. Focus on the outward-facing interfaces first, then on features, and define the processes, data stores, external interactors and data flows, as well as the (trust) boundaries.
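
The diagram elements listed above can also be written down as a small model and analyzed in code. This is an added example, not output of the SDL tool and not part of the training material: it applies the STRIDE-per-element chart that the SDL approach uses in the Analyze Model step, and the element names, trust zones and flows are constructed for illustration.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: threat categories considered per element kind.
# (Repudiation on a data store applies only when it holds logs; omitted here.)
STRIDE_BY_KIND = {
    "external_interactor": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation",
                "Information disclosure", "Denial of service",
                "Elevation of privilege"],
    "data_store": ["Tampering", "Information disclosure", "Denial of service"],
    "data_flow": ["Tampering", "Information disclosure", "Denial of service"],
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # process | data_store | external_interactor
    zone: str   # trust zone; a zone change between two elements is a boundary

@dataclass(frozen=True)
class Flow:
    source: Element
    target: Element
    label: str

    def crosses_boundary(self):
        return self.source.zone != self.target.zone

def analyze(elements, flows):
    """Return (threats, boundary_flows); threats are (target, category) pairs,
    with boundary-crossing flows listed first because they are reviewed first."""
    ordered = sorted(flows, key=lambda f: not f.crosses_boundary())
    threats = [(f.label, c) for f in ordered for c in STRIDE_BY_KIND["data_flow"]]
    threats += [(e.name, c) for e in elements for c in STRIDE_BY_KIND[e.kind]]
    return threats, [f for f in ordered if f.crosses_boundary()]

# Constructed sample model: browser -> web app -> database, plus an auth service.
browser = Element("Browser", "external_interactor", "internet")
webapp = Element("Web app", "process", "app_server")
auth = Element("Auth service", "process", "app_server")
db = Element("User DB", "data_store", "database")
ELEMENTS = [browser, webapp, auth, db]
FLOWS = [Flow(webapp, auth, "credential check"),
         Flow(browser, webapp, "HTTP request"), Flow(webapp, db, "SQL query")]

if __name__ == "__main__":
    threats, crossing = analyze(ELEMENTS, FLOWS)
    print("Boundary-crossing flows:", [f.label for f in crossing])
    for target, category in threats:
        print(f"{target}: {category}")
```

Each (target, category) pair is a question to answer during review, not a confirmed vulnerability; the pairs with no mitigation recorded are what the report step should surface.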

Here is one *.tms file snapshot:



Secure Development Life-cycle:
An organization or project group should define a secure development process so that security is addressed in every phase of software development: requirements analysis, design, development, deployment and so on.

Use JTest to fix insecure code:
Eclipse with the JTest plugin provides a better experience for writing secure code.





OWASP WebGoat Example:
http://localhost:6080/WebGoat-5.1/attack



Notes:
  1. The SDL Threat Modeling Tool requires Visio.
  2. JTest is from Parasoft and provides a range of features, including security scanning.
