Rick Wayne reviews Watchfire's AppScan 6.0, a sophisticated vulnerability scanner for web applications with an (almost) easy-to-use standalone UI (as well as versions that run under Eclipse, JBuilder, WebSphere and Visual Studio), and Wizard support for scan setup. It's a complex, powerful app, capable of exercising 400-600 tests per minute against a target, compiling and helping you analyze multi-level datasets. But the UI and Wizards are well-designed, the docs are comprehensive, and (according to Wayne) the online and phone tech support is second to none!
Also in this issue, Mike Riley offers a special guide to Digital Rights Management (DRM) and software activation tools: essential for protecting your intellectual property and enforcing license terms.
Samsung wraps up 16 NAND die in multi-chip package
Samsung Electronics Co. pushes into new NAND territory with a 16-die multi-chip package that will max out at a density of 16 gigabytes, ideal for memory-hungry consumer electronics devices.

EPA tightens up power specs for PCs
The U.S. Environmental Protection Agency announced the first update in seven years to its Energy Star program for power-saving PCs. On average, the revised requirements for the Energy Star program will require PCs to be 65 percent more power efficient than current models.

Audio in the 21st Century - Part 5
Part 5 of Scott Janus' Chapter 2 of "Audio in the 21st Century" teaches us more about Audio, Sound, Sound Acoustics, Sound Psychoacoustics, Audio Technology, Longitudinal Waves, Diffraction, Beat Frequency, Constructive Interference, and Destructive Interference.
2006 Dr. Dobb's Journal Excellence in Programming Award
Jonathan Erickson
Moving computer security to the front lines of software development is just one reason Bruce Schneier is the recipient of this year's Excellence in Programming Award.

Quantum Cryptography Research Advances and IBM Research May Extend Moore's Law
Deirdre Blake
Quantum cryptography researchers at the University of Toronto have described the first experimental proof of a quantum decoy technique to encrypt data over fiberoptic cable. Also, researchers at IBM have found a way to extend a key chip-manufacturing process to generate smaller chip circuits. (MP3, 2:57 mins.)

Sun Patches 7 Critical Java Runtime Bugs
Gregg Keizer
Secunia labels JRE bugs "highly critical"; no word on possible exploits.

New Ada Standard on the Horizon
Jonathan Erickson
Robert Dewar explains some of the changes that the Ada 2005 standard will bring to the programming language. (MP3, 4:11 mins.)

Product Review: Standing Guard
Rick Wayne
Watchfire's complex security application can discover subtle vulnerabilities in your Web applications, letting you keep the script kiddies and malicious hackers at bay.

Infrastructure Management Institute Launched
Jonathan Erickson
Tim Ferguson explains the goals of the recently launched Infrastructure Management Institute. (MP3, 4:41 mins.)

Application Security by Design
Jonathan Erickson
In this webcast: Explore creative and contextual ways to think about software development; Learn best practices for the creation of secure code; Develop a new understanding of the engineering processes required to write robust and secure applications.

Special Guide—DRM and Software Activation Tools: Protect Your Data, Enforce Your Licenses
Mike Riley
Love it or hate it, digital rights management and software activation continue to permeate commercial software. Here, we sample several selections solely on technical merit, leaving the pros and cons to the pundits.

SSH Kerberos Authentication Using GSSAPI and SSPI
Glen Matthews
Kerberos authentication can be an effective safeguard against man-in-the-middle attacks. Glen implements Kerberos by way of two popular APIs.

Validating C and C++ for Safety and Security
Robert C. Seacord
Sometimes the only way to track down security flaws such as buffer overflows is to roll up your sleeves and manually review the code. Robert outlines a process for manual review that's based on Safe-Secure C/C++.
Software protection
Pen Testing..
Proactive Network Security Framework