* Reuters is not responsible for the content in this press release.
Ounce Labs Advanced Research Team Director Discusses Eliminating Malicious
Code at the Source
WALTHAM, Mass., June 6 /PRNewswire/ --
What: Bruce Mayhew, Director for Ounce Labs Advanced Research Team,
discusses the latest techniques and tools to identify and
eliminate malicious code in software in a pre-recorded podcast
titled 'Why Malicious Code Detection is Critical to Application
Security.' The podcast defines the various kinds of malicious
code and how to find and eliminate them at the source with
static analysis.
Overview: Malicious code manifests itself in various ways, from a gag
flight simulation hidden in an Excel program to the malfunction
of an entire power grid. In order for development organizations
to prioritize the detection of malicious code, they must first
identify what their critical assets are (e.g. credit card data,
trade secrets, inventory management, etc.). Once these assets
are identified, to ensure application security the organization
must understand how the application interacts with or can affect
these resources.
Application security is critical in this process, which must
include segregation of duties between a security expert and an
application domain expert. The software should be checked as
it is being developed and then the application should be profiled
using static analysis during the software. After the assets are
identified and profiled, the next step is to validate the usage
of the assets. Static analysis provides direction to the code,
but the logic must be validated by a human.
This podcast further describes why it is critical for
organizations to identify and remedy instances of malicious code
to ensure application security. It also includes important
takeaways for managers and developers to use during the software
development lifecycle.
Where: To listen to the podcast go to:
http://ouncelabs.com/abstracts/malicious-code-detection-podcast.asp
Speaker: Bruce Mayhew has 20 years of software development experience,
focusing for the last 8 years on application security. Mayhew
created an application security practice and training curriculum
for large financial institutions and has been a Web Application
Security Course instructor for the SANS Institute, as well as
other corporate training environments. He was instrumental in
bringing WebGoat, a training application used to teach web
application security principles to individuals that are new to
web application security, to OWASP and currently leads the
WebGoat project.
About Ounce Labs, Inc.
Ounce Labs' industry-leading source code analysis solutions enable
organizations to analyze their applications to identify, prioritize and
eliminate software security vulnerabilities. Ounce delivers the accuracy,
immediate time-to-value, and automated workflow that large enterprises demand
while helping organizations such as EDS, IBM, Intel, Lockheed Martin, MFS, the
U.S. Government Accountability Office, Unisys and VeriSign, to strengthen
application security and protect confidential information. Ounce also helps
organizations to verify compliance with internal policies and industry
mandates including PCI DSS, FISMA, HIPAA and others. For more information,
please visit www.ouncelabs.com.
Ounce Labs is a registered trademark of Ounce Labs, Inc. in the United
States and other countries. Other product or service names mentioned herein
are the trademarks of their respective owners.
MEDIA CONTACTS:
Peter Crosby, Ounce Labs, 781.547.7012, Peter.Crosby@ouncelabs.com, http://www.ouncelabs.com
Brenda Menard, Davies Murphy Group, 781.418.2435, ounce@daviesmurphy.com, http://www.daviesmurphy.com
SOURCE Ounce Labs, Inc.
Peter Crosby of Ounce Labs, +1-781-547-7012, Peter.Crosby@ouncelabs.com, or
Brenda Menard of Davies Murphy Group, +1-781-418-2435, ounce@daviesmurphy.com,
for Ounce Labs