Richard Bucker

Secure Software Development Lifecycle

Posted at — May 14, 2014


While there are a number of obvious attack vectors open to would-be black hats, most are never considered or defended against until there has been an incident. This is not to say that a huge investment is required from day one; as we learned from the copy-protection cat-and-mouse game of the 1980s, that approach is expensive and yields diminishing returns. But if we do a few things up front, at the beginning of the project, we raise the cost for the attacker and thus become a less desirable target.

Secure Software Development Lifecycle:

salted password hashing

OWASP cheat sheets

Twenty-three Evergreen Developer Skills

Google vs Facebook - trunk

7 Habits of Dysfunctional Programmers

10 Commandments of egoless programming

Only the beginning

bad code - silent circle

managers should code

appliance and framework

removing passwords

Intrusion Detection: Support Vector Machines and Neural Networks

Network Intrusion Detection Using Tree Augmented Naive-Bayes

Good fun with bad crypto

RBAC with unique urls and rotating keys so filtering outside application

Secure REST

tcpdump tutorial

ip tcp http

This is by no means a complete list. It represents my current reading list.