Building security into the SDLC (software development life cycle)
- September 06, 2007
While developers increasingly turn to Ajax to create applications, they're not including security controls, leaving those applications open to attack. Ajax experts Billy Hoffman and Bryan Sullivan explain what can be done to increase Ajax ...
- August 02, 2007
Web application security faces serious hurdles, experts warn. New attacks exploit XSS and CSRF vulnerabilities rampant among Web sites.
- July 12, 2007
IBM and HP have made moves to scoop up niche players in the nascent Web application security market. Analysts expect further consolidation, however, with big security vendors playing a role.
- June 05, 2007
Fortify's Brian Chess talks about his upcoming book, Secure Programming with Static Analysis, and progress that has been made toward making security part of the software development life cycle (SDLC).
- May 30, 2007
In this product update report, learn how Blueprint has overhauled the Profesy requirements tool, Codefast has teamed with Borland, Strangeloop Networks has announced tools that speed dynamic Web applications, and PreEmptive Solutions has released ...
- May 25, 2007
OWASP says cross-site scripting (XSS) remains the "termite" of Web applications, while cross-site request forgery and cryptography emerge as serious problems.
- May 15, 2007
By applying a multilayered approach to application security throughout the SDLC, software ships more securely, closer to the scheduled delivery date and closer to anticipated cost. How do you do that? Joe Basirico, a senior security trainer at ...
- May 07, 2007
The Klocwork 7.7 static code analysis suite provides enhanced usability and expanded support for Visual Studio .NET C/C++ and IntelliJ IDEA for Java. The goal is to make application security easier for developers.
- April 18, 2007
More people understand the importance of software security, but many more still need to become aware. They also need education and training to ensure they're testing applications properly and securing those applications.
- April 16, 2007
Watchfire makes it easier to integrate Web application security throughout the software development life cycle (SDLC) with its new application security testing tools -- AppScan 7.5 and AppScan QA.
- March 26, 2007
Educating programmers about application security is the focus of a campaign being launched by the SANS Institute and SPI Dynamics. A certification exam and workshops will be conducted as part of the campaign.
- March 13, 2007
SPI Dynamics has released a new version of its Web application security management tool, Assessment Management Platform (AMP). AMP 3.0, which assesses and manages application security risk across the enterprise and throughout the software ...
- March 05, 2007
Although Java has been found to be more secure than other languages, a report from Fortify Software's Java Open Review Project warns that developers may inadvertently introduce vulnerabilities into their own code by using the sample code and ...
- January 29, 2007
With WebInspect 7, SPI Dynamics has created a security product re-engineered to handle the threats and vulnerabilities of Web 2.0.
- January 11, 2007
A new WhiteHat Security report identifies and ranks Web application security vulnerabilities of custom Web applications. The most prevalent vulnerability -- cross-site scripting.