Security Manager's Journal: R&D's new security lab is a promising step

Mathias Thurman | March 27, 2013
It's a great thing when a security manager doesn't have to go into battle mode every time a new corporate initiative emerges. When other departments show signs that they aren't putting security last, I can relax a bit. But just a little bit. Even in those cases, I want to have input.

Another of my favorites is BurpSuite, a set of application assessment utilities that let you do things like intercept traffic between the client browser and Web application. For example, if an application's password-reset logic isn't written properly, you could use BurpSuite to intercept and alter the parameters in an attempt to change another user's password.
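As an added illustration of the password-reset weakness described above (example code written for this page, not from the column or from any tool it names), here is a handler that takes the target account from the request body, beside a corrected version that binds the reset to the authenticated session and re-checks the current password. The user store, account names, salts and passwords are constructed for the demonstration.

```python
import hashlib
import hmac


def _hash(salt, password):
    # Constructed demo hash; a real system uses a password KDF such as bcrypt or argon2.
    return hashlib.sha256((salt + password).encode()).hexdigest()


def make_users():
    # Constructed user store: username -> (salt, password hash).
    return {"alice": ("salt-a", _hash("salt-a", "alice-old")),
            "bob": ("salt-b", _hash("salt-b", "bob-old"))}


def check_password(users, user, password):
    salt, stored = users[user]
    return hmac.compare_digest(_hash(salt, password), stored)


def reset_vulnerable(users, session, form):
    """Takes the target account from the request body. The session proves the
    caller is *someone*, but the 'user' field is client-controlled, so a request
    altered in transit changes whichever account it names."""
    if "user" not in session:
        return 401
    salt, _ = users[form["user"]]
    users[form["user"]] = (salt, _hash(salt, form["new_password"]))
    return 200


def reset_hardened(users, session, form):
    """Binds the reset to the authenticated identity and re-verifies the
    current password; any client-supplied 'user' field is ignored."""
    user = session.get("user")
    if user is None:
        return 401
    if not check_password(users, user, form.get("current_password", "")):
        return 403  # worth logging: repeated 403s here indicate probing
    salt, _ = users[user]
    users[user] = (salt, _hash(salt, form["new_password"]))
    return 200
```

Static analysis of the kind the column goes on to mention will usually flag the first handler's use of an unvalidated request field as the record key, which is exactly the pattern the hardened version removes.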

We'll have other utilities, of course, as well as a tool to run static code analysis. That tool will eventually be incorporated into our software development life cycle and will be employed to assess the sanity of our source code.

We need our engineers to use all these tools properly, and I want them to learn to think like a hacker. To help, I'll find a trusted third party to provide training and guidance in application assessments and penetration testing. Slowly but surely, all of this will get all of our engineers thinking about security early and often in the development process.
