Tag: Software Security


Tencent Technical Engineering
Mar 19, 2025 · Information Security

AI Programming Security Risks and Countermeasures

As AI tools soon generate the majority of software, they dramatically amplify hidden security risks—such as hard‑coded secrets, XXE, directory traversal, and privilege escalation—requiring zero‑trust scanning, secret interception, command filtering, privilege‑fuse safeguards, and AI‑native semantic analysis to protect the modern code supply chain.

Tags: AI programming · AI security · Risk Mitigation
9 min read
IT Services Circle
Sep 23, 2024 · Fundamentals

Safe C++: A Revolutionary Extension Proposal for Memory Safety in C++

An overview of the Safe C++ extension proposal, developed by the C++ Alliance and Sean Baxter, which aims to add memory‑safety features to C++, includes example code, discusses its significance for software security, and references industry and governmental interest in safer programming languages.

Tags: C++ · ISO Standard · Memory Safety
5 min read
Code Mala Tang
Jun 14, 2024 · Information Security

Why and How to Sign Your Electron App: Boost Security with Code Signing

Code signing verifies software authenticity and integrity, preventing tampering and security warnings, and this guide explains what code signing is, its types, applicable file formats, certificate options, and step‑by‑step instructions—including Electron‑builder configuration and sample scripts—to help developers secure their desktop applications.

Tags: EV certificate · Electron · OV certificate
9 min read
php中文网 Courses
May 6, 2024 · Backend Development

Static Code Analysis with PHPStan: Benefits, Installation, and Integration

This article explains static code analysis, introduces PHPStan as a leading PHP static analysis engine, outlines its advantages, provides step‑by‑step installation and configuration instructions, describes level upgrades, and shows how to integrate it into development workflows to improve code quality and security.

Tags: PHP · Software Security · Static Analysis
8 min read
DevOps Engineer
Apr 29, 2024 · Information Security

Understanding Code Signing: Importance, Process, and Tool Comparison

This article explains what code signing is, why it is essential for software integrity and trust, outlines the signing process, compares traditional code signing certificates with the GaraSign cloud service, and offers guidance on choosing the right solution based on cost, scalability, and compliance needs.

Tags: Digital Certificates · Software Security · code signing
7 min read
OPPO Kernel Craftsman
Dec 29, 2023 · Information Security

OPPO Releases White Paper on Mobile Application Trustworthy Technology at CAICT ICT+ Deep Observation Conference

At the CAICT ICT+ Deep Observation Conference, OPPO unveiled a white paper on mobile application trustworthy technology, analyzing lifecycle security risks, policy and patent developments, and the role of large‑model AI in intelligent terminals, while urging standardized security practices and accelerated AI‑driven vulnerability detection tools.

Tags: CAICT · Intelligent Terminals · Large Language Models
4 min read
DevOps
Aug 9, 2023 · Information Security

From DevOps to DevSecOps: Integrating Security into the Software Development Lifecycle and Using Microsoft Threat Modeling Tool

This article explains how DevSecOps extends DevOps by embedding security throughout the software development lifecycle, discusses common threats such as SQL injection and broken access control, outlines the Security Development Lifecycle, and provides a step‑by‑step guide to using Microsoft’s Threat Modeling Tool for risk mitigation.

Tags: DevSecOps · Microsoft Tool · Security Development Lifecycle
20 min read
Continuous Delivery 2.0
May 5, 2023 · Information Security

An Introduction to Fuzz Testing and the AFL Workflow

This article explains the fundamentals of fuzz testing, describes its core concepts and step‑by‑step process, compares mutation‑based and generation‑based test case generation algorithms, and details the popular open‑source AFL tool, its workflow, mutation strategies, and practical advantages.

Tags: AFL · Mutation Testing · Software Security
8 min read
Python Programming Learning Circle
Mar 31, 2023 · Information Security

Backdoors in Software: Real-World Cases, Legal Perspectives, and Security Implications

The article recounts real-world examples of hidden backdoors in software—from an Android ROM project and Ken Thompson’s compiler-level exploit—to discuss their legal ambiguity in China, highlight the challenges of detection, and conclude with a call for developers to share their own experiences, alongside a promotional Python course.

Tags: Android · Compiler · Software Security
6 min read
Efficient Ops
Mar 24, 2023 · Information Security

How ICBC Built an Enterprise‑Scale Code Scanning Center to Boost Software Security

This article describes how Industrial and Commercial Bank of China tackled rising software vulnerabilities by establishing a unified code‑scanning center, integrating static, supply‑chain, and dynamic analysis tools, standardizing rules, and delivering one‑stop services that have scanned over 3.1 billion lines of code across the bank.

Tags: Banking IT · Code Scanning · DevOps
7 min read
Sohu Tech Products
Oct 19, 2022 · Information Security

Secure Software Development: SDL, Tool Configurations, and Safe Coding Practices

This article outlines essential practices for secure software development, covering Microsoft's Security Development Lifecycle, Visual Studio security features, and comprehensive secure coding guidelines—including safe APIs, SafeInt library usage, trust boundaries, type casting, and file operation safeguards—to reduce vulnerabilities such as buffer overflows and memory errors.

Tags: C++ · SDL · Secure Coding
10 min read
Architecture Digest
Aug 11, 2022 · Information Security

Understanding Software Backdoors: Real Cases, Legal Perspectives, and Technical Levels

This article shares three intriguing Zhihu answers that illustrate how developers embed hidden backdoors in software—from contract‑related ROM hacks to compiler‑level exploits—while discussing Chinese legal interpretations and the varying technical sophistication of such vulnerabilities.

Tags: Compiler · Software Security · backdoor
5 min read
Laravel Tech Community
Jul 24, 2022 · Information Security

Backdoors in Software Delivery: Real‑World Cases, Legal Perspectives, and Compiler‑Level Vulnerabilities

The article recounts three Zhihu answers that illustrate how hidden backdoors are used in software projects to secure payments, discusses the ambiguous legal status of such practices in China, and explores historic and advanced backdoor techniques ranging from driver‑level tricks to compiler‑injected vulnerabilities.

Tags: Software Security · backdoor · compiler vulnerability
6 min read
DeWu Technology
Jul 15, 2022 · Information Security

Software Composition Analysis (SCA): Overview, Challenges, and Implementation

Software Composition Analysis (SCA) identifies and tracks open‑source components across languages, matches them to vulnerability databases, and integrates risk detection into CI pipelines, helping organizations mitigate widespread flaws like Log4j2 while addressing challenges of diverse package formats, binary analysis, and accurate vulnerability correlation.

Tags: Dependency Analysis · Open-source · SCA
8 min read
JD Tech
Feb 28, 2022 · Information Security

Integrating Functional Security Testing into Daily Test Practices: Concepts, SDL Roles, and Test‑Case Design

This article explains how test engineers can incorporate functional security testing into routine testing by outlining the differences between security and functional testing, describing the Security Development Lifecycle (SDL) responsibilities, and providing concrete test‑case design guidelines for various security scenarios.

Tags: Risk Assessment · SDL · Security Testing
12 min read
DevOps Engineer
Nov 10, 2021 · Information Security

Guide to Using Synopsys Polaris SaaS for Static Application Security Testing (SAST)

This article explains what Synopsys Polaris is, lists the programming languages it supports, describes how to access the SaaS platform, install the CLI, configure the polaris.yml file with capture and analysis settings, and run scans to obtain detailed vulnerability reports.

Tags: Code Scanning · Polaris · SAST
6 min read
Top Architect
Jun 12, 2021 · Information Security

Case Study: Illegal Gambling App Development and Legal Consequences for Programmers

A recent investigation uncovered a Shenzhen-based company that created over 50 gambling apps, illegally profiting 5 million yuan, leading to the arrest of nine developers and highlighting the legal risks programmers face when providing technical support for illicit software.

Tags: Case Study · Software Security · illegal gambling apps
4 min read
Efficient Ops
Jan 4, 2021 · Information Security

How DevSecOps Is Transforming Secure Software Delivery – 2020 Report Insights

The 2020 DevSecOps Industry Insight Report, released by XuanJing Security and Freebuf Consulting, examines the rapid adoption of DevSecOps in China, highlights survey results from over a thousand IT professionals, outlines a security tool pyramid, and forecasts emerging trends and best practices for agile security.

Tags: Agile Development · CI/CD · Industry Report
6 min read
Architects Research Society
Aug 9, 2020 · Information Security

Understanding Open Source Software Dependency Security Risks and Available Tools

The article explains how the widespread use of third‑party open‑source components creates a large, often overlooked attack surface, describes the fragmented nature of vulnerability information, and reviews a variety of tools that help organizations detect and manage security risks in their software dependencies.

Tags: Open-source · Software Security · dependency management
12 min read