April 12, 2013
With Red Hat's many successful product level developer programs for JBoss, OpenShift, Red Hat Enterprise Linux, etc., plus a bunch more available with upstream communities, we're working on complementing these offerings with an all-Red Hat developer program that introduces developers, ISV and SaaS players, and others to Red Hat's robust developer portfolio. In the spirit of open source development, we'd like to invite you to post your suggestions for what you'd like to see in this expanded developer program offering...
April 5, 2013
A new video focused on the "Security Mentality" in the secure programming series has been released. Some interesting things are covered about how developers think about security and why they accidentally introduce security flaws into their systems. As a corollary to Bruce Schneier's law, Josh offers "Any developer can build an application so secure that he or she cannot exploit it." Please watch the videos for some ideas about cheating and about how to avoid the biases in your own...
April 4, 2013
WebSockets are a rising technology that solves one of the great needs of web development - full duplex communication between a browser (or a different client) and a server. Let's imagine a simple scenario - live web chat. In the past, you'd probably use AJAX and polling to make new posts appear in realtime. The downside is that implementing all that is not entirely easy and it tends to put a lot of strain on the server. This article will...
March 25, 2013
Authorization and Authentication are both important aspects to secure development. Come check out our latest video in the secure development series and learn about often overlooked authorization events in your applications. The video also discusses Cross-Site Request Forgeries (CSRF), what they are and how to avoid them (e.g. OWASP CSRF Prevention Cheat Sheet).
March 22, 2013
Let's face it, sometimes slides are painful There are some common issues when I gave presentations: Will my slides file be recognized by the shared computer at the venue? How to share slides with all audiences using different OS? Most important one, how to make my slides smooth and attractive? For the first two questions, PDF might be an acceptable answer. I can upload it to slideshare.net and give out a link to audiences. But everyone knows that's not good...
March 8, 2013
The next secure development video is out! Come check out a quick video on the impact of numeric errors during your development process. The video covers such problems as Integer Overflows, and Array Index Errors (like Bounds Checking and Index Checking). You can also find more information about overflows and security in general at The Open Web Application Security Project (OWASP). Please leave us your feedback or suggestions for other secure development topics you would like to see covered.
March 7, 2013
As I stare at this blank screen to start writing my first blog entry I have that same feeling that so many developers have when starting with an unfamiliar programming language or application. The developers in our group realize that it is not easy starting from nothing and we strive to make it easier to productively use SystemTap to investigate performance problems. A starting point for anyone's first use of SystemTap is the SystemTap Beginners Guide on the Red Hat...
February 25, 2013
Software Developers always know they are supposed to be paying attention to security when they program. However, developers also know that without regular reminders both of the things they know and new threats, secure development practices can suffer. As a result, you might find the new series of videos from the Red Hat Product Security Team useful. The first two videos cover that age old topic, “Input Validation” with the first video a bit of an intro and covering XSS...
February 22, 2013
Unfortunately, not every application is packaged for every distribution. What do you do when you can't find it packaged for Red Hat Enterprise Linux? If you are like most people, you give up or attempt to install it from source. What happens when installing from source goes badly? If you are like most people, you definitely give up. How do you keep up with application improvements or, perhaps more importantly, security fixes? If you are like most people, you periodically...
February 14, 2013
Recently, I needed to get Django installed with Python 2.7 on Red Hat Enterprise Linux 6. As this is not a directly supported activity, I wanted to document how I went about it. As you might imagine, the generally expected method for install would be to grab the Python 2.7 source tree and then build it. Obviously, that can be a lot of work; is not particularly repeatable; and, potentially, exposes you to more security flaws. As a result, I...