How to Avoid the Top 10 Software Security Flaws • Gary McGraw • YOW! 2018
Learn how to identify and avoid the top 10 software security flaws (design-level vulnerabilities that make up 80% of all security issues), and discover how critical thinking and threat analysis can help prevent coding errors and design flaws.
- End of life is an important thing, and code should be tested for vulnerabilities continuously.
- The top 10 software security flaws are design-level flaws, not code-level flaws.
- Flaws are caused by a lack of understanding of what you’re trying to protect, not by malicious intent.
- Design flaws are the most common security vulnerability, making up 80% of all security issues.
- Two classes of flaws: coding errors and design flaws.
- Design flaws can be more difficult to fix than coding errors.
- Think about the data being processed and ensure that it’s secure.
- Use threat modeling and threat analysis to identify potential security issues.
- Assume that everything is a lie and that any information received is malicious.
- Avoid tunnel vision and consider all possible scenarios.
- Compose yourself and think critically about security.
- Don’t trust a single technology or solution.
- Consider the design flaws in a system before implementing it.
- Test and validate your code to prevent flaws.
- Don’t rely on code review; use static analysis tools instead.
- More people are building software, which means more potential security flaws.
- However, code security is not necessarily a matter of technology; it’s an engineering problem.