#3,337 in Computers & technology books

Reddit mentions of SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25

Sentiment score: 1
Reddit mentions: 1

We found 1 Reddit mention of SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25. Here is the top one.

SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25
Specs:
Height: 9.02 Inches
Length: 5.98 Inches
Number of items: 1
Weight: 0.48 Pounds
Width: 0.34 Inches


Found 1 comment on SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25:

u/get-postanote · 3 points · r/PowerShell

It's always a good thing to see different perspectives on a given topic or strategy.

However, how do you see your offering as being different, more informative, etc., than the courseware the SANS.org offers on the topic...

https://www.sans.org/webcasts/purple-powershell-current-attack-strategies-defenses-109700

... or the Secure Code strategies that have been in play via the MS SDL (Secure Development Lifecycle) for the last couple of decades?

>About Microsoft SDL
>
>https://www.microsoft.com/en-us/securityengineering/sdl/about
>
>Microsoft Security Development Lifecycle (SDL)
>
>https://www.microsoft.com/en-us/securityengineering/sdl
>
>SDL Resource List
>
>https://www.microsoft.com/en-us/securityengineering/sdl/resources
>
>Writing Secure Code (Developer Best Practices) 2nd Edition, Kindle Edition
>
>https://www.amazon.com/Writing-Secure-Code-Developer-Practices-ebook/dp/B00JDMP718/ref=sr_1_2?keywords=secure+code&qid=1555311132&s=gateway&sr=8-2
>
>Secure By Design 1st Edition
>
>https://www.amazon.com/Secure-Design-Daniel-Deogun/dp/1617294357/ref=sr_1_1?keywords=secure+code&qid=1555311132&s=gateway&sr=8-1
>
>SCFM: Secure Coding Field Manual: A Programmer's Guide to OWASP Top 10 and CWE/SANS Top 25
>
>https://www.amazon.com/SCFM-Secure-Coding-Manual-Programmers/dp/1508929572/ref=sr_1_4?keywords=secure+code&qid=1555311132&s=gateway&sr=8-4

Though there are particulars to a given language, and none of the above are PowerShell specific. The SDL thought, design and implementation relative to a given goal is the same.

Now, the real issue here is all the noise about PowerShell hacking and org leaders using that as the excuse to not allow PowerShell, without fully realizing that the use of PowerShell is a post-exploit thing. The hacker got into your system another way, that was not properly defined, managed, protected, understood and/or reacted to.

Also, there are whole websites and business offerings that cover Defensive PowerShell, and PowerShell for Red/Blue/Purple Teams.

Example:

https://devblogs.microsoft.com/powershell/defending-against-powershell-attacks/

http://www.defensivepowershell.com/

https://artofpwn.com/offensive-and-defensive-powershell-ii.html

https://adsecurity.org/?tag=powershell-defenses

https://devblogs.microsoft.com/powershell/powershell-security-at-derbycon/

https://nsfocusglobal.com/Attack-and-Defense-Around-PowerShell-Event-Logging

Learning how to attack with and defend against, grants one greater edification on how they need to be thinking about writing and using PowerShell.

But good article. Looking forward to the rest.