Security
Security and compliance in software projects – getting dependencies under control
This blog post addresses the high standards of security and compliance that we have to meet in every software project. Trained security engineers are responsible for ensuring that we achieve this within any given project. An especially persistent challenge they face is dealing with the countless dependencies present in software projects, and getting them – and their variety of versions – under control.
Application Security Tools: Use for Static Application Security Testing & Software Composition Analysis
In the field of application security there are various concepts for achieving the goal of developing reliable and secure software. This post introduces Static Application Security Testing (SAST) and Software Composition Analysis (SCA) as important components of application security. Appropriate tools can be used to implement these concepts and increase application security.
OAuth in Single-Page-Apps
A large part of the apps we use regularly provide individual data and services for different users and therefore need to be able to clearly identify their users. The classic approach here would be to build a login form and manage it with its own user database, but this can have some disadvantages. This article presents the alternative approach with the protocols “OAuth” and “OpenID Connect”, which were developed for the purpose of secure authentication and authorisation.
Let’s Talk About Security – SQL Injection
Many developers are still scratching their heads, wondering how such a simple method of attack could make it to the top of the list of security vulnerabilities.
Let’s Talk About Security – Validate All Input
The objective of validation is to verify that the data entering the system do not cause any damage or cause information to be leaked.
Let’s Talk About Security – Digital Identity
Security is more important today than ever before. Virtually everything is digitized and either located in its own network or connected to the internet.