The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,860 other subscribers

Archive for July 15th, 2020

logging facility in Synopse seems to be an interesting alternative to JclDebug. Need to check out how they differ in looking up the method name for tracing.

Posted by jpluimers on 2020/07/15

On my todo list, as Synops is updated more often than JCL: [WayBack] The logging facility in Synopse seems to be an interesting alternative to JclDebug: According to this StackOverflow answer, one of its features is looki… – Thomas Mueller (dummzeuch) – Google+

–jeroen

Posted in Delphi, Development, Software Development | Leave a Comment »

GitHub – gamelinux/passivedns: A network sniffer that logs all DNS server replies for use in a passive DNS setup

Posted by jpluimers on 2020/07/15

Cool tool: [WayBackGitHub – gamelinux/passivedns: A network sniffer that logs all DNS server replies for use in a passive DNS setup via [WayBack] How to log all my DNS queries? – Unix & Linux Stack Exchange (thanks mxmlnkn!).

It listens on port 53 for DNS requests then logs them to a file on regular intervals aggregating similar requests.

Usage is simple:

Read the rest of this entry »

Posted in *nix, *nix-tools, Development, DevOps, Infrastructure, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed | Leave a Comment »

SAFECode updates its guide on best secure software development practices – SD Times

Posted by jpluimers on 2020/07/15

Interesting to see is how much is not about actual coding, but of tooling, testing, processes, operations and mindset.

[WayBackSAFECode updates its guide on best secure software development practices – SD Times

PDF: [WayBack] SAFECode releases Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition).

Table of Contents:

Page;Topic
 4; Executive Summary
 5; Introduction
 5;  Audience
 6; SAFECode Guidance and Software Assurance Programs
 7; Application Security Control Definition
 7;  Actively Manage Application Security Controls
 9; Design
 9;  Secure Design Principles
10;  Threat Modeling 
11;  Develop an Encryption Strategy
12;  Standardize Identity and Access Management
14;  Establish Log Requirements and Audit Practices  
15; Secure Coding Practices
15;  Establish Coding Standards and Conventions
15;  Use Safe Functions Only
17;  Use Code Analysis Tools To Find Security Issues Early
17;  Handle Data Safely 
20;  Handle Errors 
21; Manage Security Risk Inherent in the Use of Third-party Components
22; Testing and Validation
22;  Automated Testing
24;  Manual Testing
27; Manage Security Findings 
27;  Define Severity
28;  Risk Acceptance Process. 
29; Vulnerability Response and Disclosure
29;  Define Internal and External Policies
29;  Define Roles and Responsibilities
30;  Ensure that Vulnerability Reporters Know Whom to Contact 
30;  Manage Vulnerability Reporters
30;  Monitor and Manage Third-party Component Vulnerabilities 
31;  Fix the Vulnerability
31;  Vulnerability Disclosure
32;  Secure Development Lifecycle Feedback  
33; Planning the Implementation and Deployment of Secure Development Practices
33;  Culture of the Organization 
33;  Expertise and Skill Level of the organization 
34;  Product Development Model and Lifecycle
34;  Scope of Initial Deployment
35;  Stakeholder Management and Communications
35;  Compliance Measurement 
36;  SDL Process Health
36;  Value Proposition.
37; Moving Industry Forward
37;  Acknowledgements
38;  About SAFECode

–jeroen

Posted in Development, Security, Software Development | Leave a Comment »