-
SAP application security learning guide
If you're like most IT professionals, security is at the forefront of your concerns. Learn best practices for SAP security and applications security in this learning guide from SearchSAP.com and SearchAppSecurity.com. Learning Guide
-
Top 10 Web application security vulnerabilities
Based on the Open Web Application Security Project's top 10 project, this guide covers the 10 most critical Web application security vulnerabilities and how to protect your applications. Learning Guide
-
Special Report: Securing applications -- The new frontier in security
It isn't enough to secure the physical network. Today, criminals are focusing on exploiting vulnerabilities in applications. This report, written by Jim Zimmerman from Techra LLC, looks at the top application security vulnerabilities and how to deal ... Research Report
- See More: Essential Knowledge on Building security into the SDLC (Software development life cycle)
-
Requirements management with embedded software: Interview with IntraPace
What are the important considerations of a requirements management tool when developing embedded software for a medical device? In this Q&A with IntraPace software development manager Mace Volzing, SSQ asks about managing requirements for the abiliti... News | 17 Dec 2010
-
Glitch author seeks mandated software quality controls
In Part 2 of this SSQ interview with Glitch author Jeff Papows, we learn more about Papows' proposal for an IT Governance Manifesto which would mandate higher standards of quality for life-threatening software. Papows warns of the dangers of not taki... Interview | 03 Nov 2010
-
GatherSpace beefs up cloud-based requirements management
GatherSpace version 2 is now available and continues to offer low-cost software requirements gathering technology that is easily learned and easily implemented. According to GatherSpace founder Darren Levy, "It's painlessly easy to use, and an unbloa... Article | 24 Aug 2009
-
ALM: Best of breed vs. complete systems
The ALM tool market is in an uproar as countless acquisitions, trends and shifts have altered the way in which application lifecycles are monitored, industry experts explain. Article | 20 Aug 2009
-
Why the quality assurance department should be involved in testing
Bring the quality assurance department's many resources into the software testing process from the get-go, one expert advises, and watch common software development problems dissolve. Column | 09 Mar 2009
-
Secure software development practices 'not rocket science'
SAFECode's guide to secure software development provides practices for all stages of the software development lifecycle proven to improve software security. Article | 08 Dec 2008
-
Browser security a concern for website development
The number of Web browsers and the rise of sophisticated attacks against them, such as cross-site request forgery and clickjacking, complicate website development, security, and testing. Article | 15 Oct 2008
-
PCI DSS compliance: Web application firewall or code review?
If you need to comply with the application security regulation of the PCI Data Security Standard, should you opt for code reviews or a Web application firewall? Experts offer their opinions. Article | 19 May 2008
-
Application security enters uncharted regions
The revelation that pacemakers can be hacked illustrates how software makers have to start thinking differently about application security and quality. Column | 27 Mar 2008
-
Developers get bigger role in software quality, security
In the continuing drive to address quality and security earlier in the software development lifecycle (SDLC), two thought leaders in the automated source code analysis market -- Klocwork and Ounce Labs -- are targeting new releases at the developer. Article | 28 Jan 2008
- See More: News on Building security into the SDLC (Software development life cycle)
-
Debunking myths of application lifecycle management
In this tip, we expose three myths of Application Lifecycle Management (ALM) which continue to quietly impede successful software development and delivery across industries. Understanding that best-in-class isn’t always the best option, that there is... Tip
-
Test design focused on expediting functional test automation
Senior test architect David Johnson describes test design paradigms such as keyword-based test design, which can be leveraged for functional test automation. Johnson addresses both commercial and open source solutions in both agile and predictive env... Tip
-
Requirements rethinking tutorial: Improving pre-development software analysis - Part 2
An expert shows how reimagining the software requirements elicitation process can lead to improving business requirements and add value to applications. In this tip, learn how to better evaluate your requirements upfront and throughout the SDLC. Tip
-
Reliably estimating the software requirements effort
Differences in how business analysts and project managers define "requirements estimation" frustrate the software requirements elicitation process. No matter what methodology is in use, without adequately defining requirements, software projects are ... Tip
-
Focus stories, business mission, goals, intents and the backlog
Software development roles evolve as product owner focus changes. Agile groups may need to adjust test strategy, roadmaps and iterations to ensure top-notch QA and timely product delivery, says an expert. Tip
-
The role of quality assurance (QA) pros in software security
Along with developers, security managers and IT auditors, QA pros have an active and important role in the information security process. Tip
-
Common software security risks and oversights
We have a tendency to focus on the sexy technical side of software security, but many overlooked software security risks have more to do with operational and documentation problems. Tip
-
How to develop secure applications
It's not enough to begin securing applications in the testing phase -- secure applications start with secure code. Tip
-
Writing software requirements that address security issues
Experts always say you need to bake security into the development lifecycle. To do that, you need to take a hard look at the security requirements written for the software. Kevin Beaver offers some advice on what you should consider during this criti... Tip
-
Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering f
Software security requirements engineering is a critical part of the software development lifecycle. This free book chapter explains how to approach requirements engineering for a secure SDLC. Tip
- See More: Tips on Building security into the SDLC (Software development life cycle)
-
How to define security requirements and manage risk in software development
Defining business security requirements is a collaborative effort, involving the participation of architects, business analysts and regulatory bodies. There is no black-and-white answer about achieving the best possible security for your software app... Answer
-
Which requirements have the greatest effect on quality in software development?
Requirements metrics can be easy to define, but tracking their results is difficult. Expert Robin Goldsmith examines the requirements phase of the SDLC and determines where quality can be improved. Ask the Expert
-
How to write an SRS document for three different databases
Ask the Expert
-
Problems caused by skipping analysis stage of SDLC
A requirements expert explains the possible pitfalls of skipping the analysis phase in the software development life cycle (SDLC). Ask the Expert
-
Inexpensive phase of SDLC to catch and fix bugs
Is there a phase in the development lifecycle where bugs can be inexpensively repaired? This is a common question asked of our expert Kevin Beaver. Ask the Expert
-
Software development life cycle phases, iterations, explained step by step
Phases of the software development life cycle (SDLC) are explained step-by-step, as are iteration concepts, in Robin Goldsmith's expert response to a tester's question. Ask the Expert
-
How to prevent HTTP response splitting
HTTP response splitting is a serious Web attack that can wreak havoc on your Web applications. Security expert Ramesh Nagappan explains how this attack works and what professionals can do to prevent this exploit. Ask the Expert
-
PCI DSS compliance: WAF, code review or both?
Complying with PCI DSS requirement 6.6 means installing a Web application firewall or conducting a code review. Application security expert Caleb Sima explains which option is best and how to get the most out of your app sec program. Ask the Expert
-
Application security careers have bright future
Application security expert Dan Cornell explains why companies are taking a greater interest in incorporating security into the SDLC, and how this trend affects those breaking into the software security field. Ask the Expert
-
How to prevent anti-DNS pinning attacks
Application security measures can prevent anti-DNS pinning, aka DNS rebinding. Expert Chris Wysopal explains how to protect end users from this attack. Ask the Expert
- See More: Expert Advice on Building security into the SDLC (Software development life cycle)
-
SQL injection
Word
-
Injection attacks -- Knowledge and prevention
SQL injection is recognized as a major threat to application security, but what about other injection attacks? SPI Dynamics' Caleb Sima dissects these exploits and offers straightforward prevention techniques in this podcast. Podcasts
- See More: All on Building security into the SDLC (Software development life cycle)
About Building security into the SDLC (Software development life cycle)
News, tips and advice on how to build security into the software development life cycle so development teams can produce secure, quality software.