Software Security Test Best Practices
- November 06, 2006
AppScan 7.0 adds privilege escalation testing and support for two-factor authentication, plus root cause identification and communication features and a new Reporting Console.
- November 06, 2006
SPI Dynamics takes application vulnerability detection a step further with DevInspect 3.0. The new version includes full support for Java developers and J2EE Web applications.
- November 01, 2006
In addition to writing code to keep malicious users out of their Web apps, ASP.NET developers should also monitor their applications for unusual activity. That includes testing, detection and management, which can be done using the Health Monitoring...
- October 31, 2006
SQL injection is recognized as a major threat to application security, but what about other injection attacks? SPI Dynamics' Caleb Sima dissects these exploits and offers straightforward prevention techniques in this podcast.
- October 26, 2006
The U.S. Navy Network Warfare Command's evaluation of Ounce Labs' source code analysis technology showed how a tool such as Ounce could improve the Department of Defense's application security and reduce project costs.
- October 23, 2006
WhiteHat Security debuted version 3.0 of its WhiteHat Sentinel, a continuous vulnerability assessment and management service for Web applications. New features include a one-click vulnerability retest and the Inspector technology for building a ...
- October 16, 2006
Sprajax, the first Ajax security scanner, is now available for download at the OWASP Web site. The Denim Group has donated its tool to the non-profit organization.
- October 10, 2006
In two announcements, Ounce Labs said it is partnering with application security vendors to help companies better find vulnerabilities in software.
- October 06, 2006
PostX turned to the Fortify Source Code Analysis tool for help developing an absentee ballot request system for the U.S. Armed Forces. The system allows deployed military personnel to securely request and receive absentee ballot packages via the Web...
- October 05, 2006
The past few weeks saw the release of new products to protect applications. Here's a look at some of those products, including WhiteHat Satellite, Aladdin HASP, AttackAPI (0.7) and Thor 0.99.
- September 20, 2006
Web application firewalls have improved performance and functionality, but it still takes time, knowledge and skills to implement them, according to a recent Burton Group report. They are not "fire and forget" solutions.
- September 13, 2006
Over the past month, several application security products have been announced. Here's a roundup of some of those new tools, including Parasoft's Jtest 8.0, SIFT's Web Method Search tool and WiKID 2.1.1.
- September 08, 2006
American Express, Discover, JCB, MasterCard and Visa have created an independent PCI standards council. Their first act was to release version 1.1 of the PCI Data Security Standard, which clarifies existing requirements and adds a new one for...
- September 04, 2006
Industry observers hope the PCI standard will focus more on security at the application layer -- not weaken current regulations -- and that the standards process will become more open.
- August 30, 2006
Application logic attacks are common, dangerous and difficult to detect. In this interview, expert Rami Jaamour defines and analyzes logic attacks and provides in-depth security advice. As these threats become more popular, it is imperative to ...