Author: Gary McGraw

  • Software Security: Creativity in a New Discipline

    This is the last excerpt from my new book, Software Security: Building Security In. This might be a good time to buy the book. Creativity in a New Discipline We are experiencing a time of great creativity in computer security and must seize the opportunity presented by our current situation while we can. The diversity…

  • Software Security: A Case Study

    Here is another excerpt from my new book, Software Security: Building Security In. An Example: Java Card Security Testing Doing effective security testing requires experience and knowledge. Examples and case studies like the one I present here are thus useful tools for understanding the approach. In an effort to enhance payment cards with new functionality—such…

  • Software Security: The Badness-ometer

    Here is another excerpt from my new book, Software Security: Building Security In. Application Security Tools: Good or Bad? Application security testing products are being sold as a solution to the problem of insecure software. Unfortunately, these first-generation solutions are not all they are cracked up to be. They may help us diagnose, describe, and…

  • Software Security: The Trinity of Trouble

    [Ed Felten says: Please welcome Gary McGraw as guest blogger for the next week. Gary is CTO at Cigital and co-author of two past books with me. He’s here to post excerpts from his new book, Software Security: Building Security In, which was released this week. The book offers practical advice about how to design…