Home > Web application security and the PCI DSS
Learning Guide:
EMAIL THIS

Web application security and the PCI DSS

03 Jul 2008 | SearchSoftwareQuality.com

Software quality news and advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

TABLE OF CONTENTS
   PCI DSS compliance: The basics
   PCI DSS compliance: Code review
   PCI DSS compliance: Web application firewalls (WAFs)
   Web application security and the PCI DSS



  Web application security and the PCI DSS
Chris WysopalExpert advice software security

Do you have questions about software security? Let our security experts, Chris Wysopal, Caleb Sima, Dan Cornell and Ramesh Nagappan guide you. Read advice they have given or submit your own questions.

Web application firewalls and code reviews, detailed, manual, automatic or otherwise, are good components of an application security program. They are not, however, the only components. Experts stress that security must be integrated into the entire software development lifecycle.

  • Tip: Secure software measures: Their strengths and limitations: Greg Reber evaluates security processes in depth, including the methods recommended by requirement 6.6. Like most application security experts, he recommends a holistic approach to security.


  • Tip: Web application hacking: Inside the mind of an attacker: App security expert Kevin Beaver emphasizes that a malicious mindset is the key to a good security analysis. He includes many specific examples where security professionals may apply this technique.


  • Tip: Secure SDLC: Integrating security into your software development lifecycle: This is a heavily detailed and hyperlinked guide from Anurag Agarwal that explains how organizations can incorporate security practices into their SDLC.


  • Article: Application security shouldn't involve duct tape, Band-Aids or bubble gum: Application security involves integrating security into the SDLC. And it involves security professionals, risk mitigation, and data protection, at least. Joe Basirico breaks the development lifecycle down by phase: requirements gathering, requirements authoring, design, development, testing, release, and documentation.


  • Expert advice: Web application security testing basics: Expert Dan Cornell breaks down security testing techniques, how to use them, what they do, and when they are applicable.


  • Learning Guide: Application security testing techniques: This guide covers the major app sec testing techniques, such as vulnerability assessment, penetration testing, fuzz testing, obfuscation and, of course, source code analysis.


  • Expert advice: Application security careers have bright future: Dan Cornell explains why application security professionals are going to be needed in greater numbers than ever before.


  • Tip: Writing software requirements that address security issues: The requirements phase is the first opportunity for integration of security in the SDLC. Kevin Beaver outlines how to approach this process.

    • Send in your suggestions
    Are there other topics you'd like to see learning guides on? Send associate editor Jennette Mullaney an e-mail at jmullaney@techtarget.com and let her know what they are.



    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


    RELATED CONTENT
    Building security into the SDLC (Software development life cycle)
    PCI DSS compliance: Web application firewalls (WAFs)
    PCI DSS compliance: Code review
    PCI DSS compliance: The basics
    PCI DSS compliance: WAF, code review or both?
    Application security careers have bright future
    Writing software requirements that address security issues
    Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering for Secure Software
    PCI DSS compliance: Web application firewall or code review?
    Application security enters uncharted regions
    How to prevent XPath injection

    Software security testing and techniques
    Static analysis at the end of the SDLC doesn't work
    Website security improved, but more can be done
    How to learn white box testing
    Security vulnerabilities found in open source Java projects
    Fuzzing for Software Security Testing and Quality Assurance: Chapter 3, Testing for Quality
    Ajax security -- Is anyone listening?
    Critical security issues found in the Spring Framework
    PCI DSS compliance: Web application firewalls (WAFs)
    PCI DSS compliance: Code review
    PCI DSS compliance: The basics

    Software security testing tools
    Static analysis tool helps software engineers find bugs during builds
    Web security: Web services an overlooked entry point for attacks
    Automated security tool finds flaws in enterprise apps
    Parasoft enhances its Application Security Solution
    PCI DSS compliance: Code review
    PCI compliance help via Fortify software
    Homeland Security-backed effort shows defects drop in open source software
    Cenzic Web application security tool targets CSRF attacks
    Ruby on Rails security audit service available
    Secure software measures: Their strengths and limitations

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary


    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




    All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts