What:
Bruce Mayhew, Director of the Ounce Labs Advanced Research Team, discusses the latest techniques and tools to identify and eliminate malicious code in software in a pre-recorded podcast titled ‘Why Malicious Code Detection is Critical to Application Security.’ The podcast defines the various kinds of malicious code and explains how to find and eliminate them at the source with static analysis.
Overview:
Malicious code manifests itself in various ways, from a gag flight simulator hidden in an Excel program to the malfunction of an entire power grid. In order for development organizations to prioritize the detection of malicious code, they must first identify what their critical assets are (e.g. credit card data, trade secrets, inventory management, etc.). Once these assets are identified, the organization must understand how the application interacts with or can affect these resources in order to ensure application security.
Application security is critical in this process, which must include segregation of duties between a security expert and an application domain expert. The software should be checked as it is being developed, and the application should then be profiled using static analysis during development. After the assets are identified and profiled, the next step is to validate the usage of the assets. Static analysis points to the relevant code, but the logic must be validated by a human.
This podcast further describes why it is critical for organizations to identify and remedy instances of malicious code to ensure application security. It also includes important takeaways for managers and developers to use during the software development lifecycle.
Where:
To listen to the podcast go to:
http://ouncelabs.com/abstracts/malicious-code-detection-podcast.asp
Speaker:
Bruce Mayhew has 20 years of software development experience, focusing for the last 8 years on application security. Mayhew created an application security practice and training curriculum for large financial institutions and has been a Web Application Security Course instructor for the SANS Institute, as well as other corporate training environments. He was instrumental in bringing WebGoat, a training application used to teach web application security principles to individuals that are new to web application security, to OWASP and currently leads the WebGoat project.
About Ounce Labs, Inc.
Ounce Labs’ industry-leading source code analysis solutions enable organizations to analyze their applications to identify, prioritize and eliminate software security vulnerabilities. Ounce delivers the accuracy, immediate time-to-value, and automated workflow that large enterprises demand while helping organizations such as EDS, IBM, Intel, Lockheed Martin, MFS, the U.S. Government Accountability Office, Unisys and VeriSign, to strengthen application security and protect confidential information. Ounce also helps organizations to verify compliance with internal policies and industry mandates including PCI DSS, FISMA, HIPAA and others. For more information, please visit www.ouncelabs.com.
Media Contacts:
Peter Crosby
Ounce Labs
781.547.7012
Peter.Crosby@ouncelabs.com
http://www.ouncelabs.com
Brenda Menard
Davies Murphy Group
781.418.2435
ounce@daviesmurphy.com
http://www.daviesmurphy.com
Ounce Labs is a registered trademark of Ounce Labs, Inc. in the United States and other countries. Ounce 5, SmartTrace and SmartAudit are trademarks of Ounce Labs. Other product or service names mentioned herein are the trademarks of their respective owners.
"Security scanners tend to be trigger happy and obtuse, but Ounce Labs offers friendly scanners with fewer false alarms."