One-Day “Security Testing for Developers” Training in Sheffield

Software security vulnerabilities are a serious threat to software vendors and their customers: they can result in both monetary loss and loss of reputation. Thus, implementing a rigorous secure software development life-cycle (SDLC) is a competitive advantage for a software vendor. Security testing is an important part of any SDLC. Moreover, it is commonly accepted that security testing should be applied as early as possible in software development.

Security Testing as Part of the Software Development Life-Cycle

Interested in applying security testing during development? We will offer a one-day continuing professional development (CPD) training on the 13th of September at The University of Sheffield.

Ontologies in Isabelle/HOL?

Mentioning ontologies and Isabelle/HOL in one sentence might sound weird to many of us. While both are somehow used for writing formal documents, the degree of formalization is, at least at first glance, very different.

We asked ourselves whether it is possible to integrate ontologies into Isabelle, as the current document preparation system of Isabelle lacks a mechanism for ensuring the structure of different document types (as required, e.g., in certification processes) in general and, in particular, a mechanism for linking the informal and formal parts of a document.

Usable Security for Developers - A Nightmare

The term “usable security” is on everyone’s lips, and there seems to be general agreement that, first, security controls should not unnecessarily affect the usability and user-friendliness of systems, and, second, that simple-to-use systems should be preferred, as they minimize the risk of handling errors that can be the root cause of security incidents such as data leakages.

But there also seems to be general surprise (at least among security experts) that software developers (still) make so many easy-to-avoid mistakes that lead to insecure software systems. In fact, many of the large security incidents of the last weeks, months and years were caused by “seemingly simple to fix” programming errors.

Why is software always crashing?

We have been programming computers for over 50 years. Still, we are - sad but true - used to insecure, crashing, or otherwise non-working computer systems. Gerald Weinberg, an American computer scientist, once said: “If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.”

Damn Vulnerable Hybrid Mobile App (DVHMA)

Last month, we were interviewed by Hakin9 about one of our “side-projects”: DVHMA - The Damn Vulnerable Hybrid Mobile App. DVHMA is a hybrid mobile app (for Android) that intentionally contains vulnerabilities. Its purpose is to enable security professionals to test their tools and techniques legally, and to help developers better understand the common pitfalls in developing hybrid mobile apps securely.

A LaTeX style for self-archiving copies of papers

Luckily, an increasing number of publishers allow authors of (academic) papers to publish a pre-print of their accepted papers on their personal or institutional website. This eases access to those papers significantly, as the “official” version on the publisher’s website is often behind a paywall. Most publishers require that the pre-prints published by the author contain a statement referring to the official version.

Thus, the only remaining question is: how to produce a pre-print containing this reference with as little effort as possible? If you are using LaTeX for writing your papers, the authorarchive package might be the solution.