Dr. Dobb's Security Articles

Keccak: The New SHA-3 Encryption Standard

Tue, 07 May 2013 03:58:00 -0400

After years of testing and analysis, the U.S. government selected the Keccak algorithm to be the new SHA-3 encryption standard. Here is how it works and how to use it.

Prevent Cross-Site Scripting in ASP.NET Web Apps

Tue, 12 Mar 2013 11:51:00 -0400

Cross-site scripting threats can be greatly minimized by proper encoding. On ASP.NET apps, the Microsoft AntiXSS Library is one of the easiest ways to do the encoding correctly.

The Crying Need To Punish Cyber Crime Fairly

Tue, 15 Jan 2013 06:13:00 -0500

Aaron Swartz's suicide is an indictment of the devastating effects of disproportionate punishment.

Malicious Work with the modify-function-return-value Hack

Mon, 12 Nov 2012 03:48:00 -0500

The modify-function-return-value hack is particularly dangerous because it can be used to intercept function calls in code, user libraries, and in runtime libraries. Knowing how it operates is essential to avoiding it.

Deploying Static Analysis

Tue, 07 Aug 2012 05:44:00 -0400

Static analysis is a cheap and easy way to find bugs, but it offers important challenges that tend to be more political than technical.

Anatomy of a Stack Smashing Attack and How GCC Prevents It

Tue, 19 Jun 2012 07:27:00 -0400

The use of special prologues and epilogues around functions can easily detect attacks that rely on stack overflows. Here is how "stack smashing" is actually performed and how its occurrence is detected.

Why Phish Should Not Be Treated as Spam

Fri, 18 May 2012 10:57:00 -0400

Phishing — or the use of highly targeted e-mails to induce users to divulge passwords or use malware — is a problem for all companies. In this invited editorial, security expert Norman Sadeh discusses how phishing needs to be treated separately from spam and spam solutions.

The Best of 2011

Wed, 04 Jan 2012 08:17:00 -0500

The most popular articles of last year from Dr. Dobb's, plus some additional pieces picked out for your thoughtful consideration by our staff

Top Security Threats for 2012

Thu, 15 Dec 2011 02:40:00 -0500

Malware, hacks, break-ins, and other malfeasance FortiGuard Labs predicts we'll have to deal with next year

Testing the Final SHA-3 Hashing Algorithms

Tue, 11 Oct 2011 12:34:00 -0400

Testing the finalists in the competition for a new SHA-3 standard shows generally fast, secure hashing algorithms with few collisions.

Finding the New Encryption Standard, SHA-3

Mon, 03 Oct 2011 12:08:00 -0400

The search for a replacement for SHA-2 has settled on five finalists. We examine their internals and compare their performance.

Jolt Awards for Books: The Rest of the Best

Sun, 04 Sep 2011 07:25:00 -0400

Encrypt Early, Encrypt Often!

Sat, 30 Jul 2011 11:57:00 -0400

You can't rely on cloud providers for data security

The Indifferent Response to Security Breaches

Mon, 06 Jun 2011 07:24:00 -0400

Key institutions aren't making much of an effort to secure your data — what will it take?

Getting Started With the Cloud: Logging On With Google OAuth

Mon, 23 May 2011 08:53:00 -0400

Access Calendar and other Google Apps after you do the authorization dance

Getting Started with Google Apps and OAuth

Tue, 19 Apr 2011 07:58:00 -0400

In this second installment of coding for the cloud, Allen Holub examines the first step in accessing a cloud app: authorization

How to Secure and Authenticate Images Using Watermarks

Mon, 28 Mar 2011 12:49:00 -0400

Giving Cocoa's NSImage class the ability to add watermarks and validate images

Getting Started with The Cloud: The Ecosystem

Wed, 16 Mar 2011 10:05:00 -0400

The first in a series of hands-on articles by Allen Holub about programming for the public cloud

A Whole New Ball Game: Aspects of Mobile Application Development

Sat, 12 Mar 2011 07:11:00 -0500

What is involved in developing mobile apps for multiple platforms?

The Rise And Fall of Languages in 2010

Thu, 27 Jan 2011 06:13:00 -0500

Python and Objective-C surge, VB falls off the cliff, and Ruby treads water. What else happened?

An Introduction to jGuard

Mon, 24 Jan 2011 09:50:00 -0500

Facilitating secure authentication and authorization

This Week's Developer Reading List

Fri, 07 Jan 2011 06:10:00 -0500

HTML5 and CSS3, Web App Obfuscation, Designing Interfaces, and the Rails 3 Way

Top 5 Security Trends for 2011

Tue, 21 Dec 2010 12:09:00 -0500

Malware will increasingly be targeted at 64-bit machines, amongst other predictions from Fortinet

PCI and Encryption

Fri, 17 Dec 2010 06:35:00 -0500

Using new PCI 2.0 guidelines to reduce risk

Q&A: Scrum Success

Mon, 06 Dec 2010 06:13:01 -0500

A conversation with CollabNet's ScrumWorks expert Victor Szalvay