The abstract reads: The move to the cloud brings a number of new security challenges, but the application remains your last line of defense. Engineers are extremely well poised to perform tasks critical for securing the application—provided that certain key obstacles are overcome.
The paper explores three ways to help development bear the burden of security that the cloud places on them:
Use penetration testing results to help engineers determine how to effectively “harden” the most vulnerable parts of the application.
Apply the emerging practice of “service virtualization” to provide engineers the test environment access needed to exercise realistic security scenarios from the development environment.
Implement policy-driven development to help engineers understand and satisfy management’s security expectations.
It’s an in-depth article with some practical suggestions for improving your code security in the cloud. If you’re not familiar with Crosstalk, it’s “The Journal of Defense Software Engineering” and is full of interesting articles but carries no advertising. Give it a try.
Just a reminder for those who aren’t aware – I maintain a list here I like to call the “SQL Injection Hall of Shame”. There was a quiet period at the first of the year, but now we seem to be back at it. I’ve added a couple of updates – one a large breach that was probably SQL injection and one a small one in healthcare that was for sure.
I’m doing a free seminar next week in the DC area: “Development Testing can help you comply with government regulations and security guidelines”. Entry is free and you can register here.
This will be an informative lunch seminar on Thursday, May 16th from 10am to 12pm at FCN, Inc in Reston, VA. During this event we will be discussing trends, strategies and best practices for NIST compliance.
Discover how to best utilize your company investments to deliver compliance throughout your organization. Participate in a presentation by industry expert Arthur Hicken as he facilitates a discussion on how to continuously integrate software quality into the development process with Parasoft’s comprehensive Development Testing platform.
What you will learn:
Consistently apply static analysis, unit testing, peer code review, coverage analysis, runtime error detection, etc.
Accurately and objectively measure productivity and application quality
Drive the development process in the context of business expectations – for what needs to be developed as well as how it should be developed
Gain real-time visibility into how the software is being developed and where it is satisfying expectations
Reduce costs and risks across the entire SDLC
Following the presentation Parasoft will demonstrate Parasoft’s development testing solutions for C/C++, Java and .Net applications.
Hope to see you there. If you’ve always wanted to meet the CodeCurmudgeon in person, sign up here.