Secure Coding

Age-old vulnerabilities, like SQL injection and cross-site scripting, remain prevalent in applications. And that trend will continue, unless there is a fundamental shift in how programs are developed and secured.

Microsoft on Thursday released updates for three, free Security Development Lifecycle (SLD) tools designed to aid with the design and verification of applications. The updated tools - Threat Modeling Tool v3.1.8, MiniFuzz Tool v1.5.5 and RegExFuzz Tool v1.1.0 - include fixes for security and stability bugs, Microsoft said. In addition, the tools now add support for the 2010 versions of Microsoft's development environment, including Visual Studio and Team Foundation Server. Microsoft's SDL tools have been downloaded nearly 700,000 times since 2008, according to the Redmond, Wash.-based computing giant.

A new report from Veracode paints a grim picture of the security built into application software.

Microsoft on Monday announced the free availability of a new software development tool designed for coders, as well as IT professionals.

The cost of fixing a vulnerability after a product already has gone to market is much higher than the cost of finding it during the design process.

A leading technology blog, TechCrunch, was temporarily commandeered by hackers who managed to place a message that linked to a site offering adult material.