-
Application security testing: Protecting your application and data
Application security testing is critical in ensuring your data and applications are safe from security attack. This e-book, written for IT management, including QA and development managers, explains the basics of application security and then delves ... E-Book
-
PCI DSS compliance: The basics
PCI DSS requires merchants to employ basic application security techniques in order to be in compliance. Here is an overview of PCI DSS and requirement 6.6. Learning Guide
-
PCI DSS compliance: Code review
Code review is a broad security concept and those looking at this option for compliance will find plenty of expert information on the types of code review in this section of the guide. Learning Guide
-
PCI DSS compliance: Web application firewalls (WAFs)
Web application firewalls (WAFs) are one option for those seeking compliance with requirement 6.6 of the PCI DSS. The benefits, limitations and proper implementation of WAFs are discussed by security experts in this section. Learning Guide
-
Web application security and the PCI DSS
Software security should be integrated into the software development lifecycle at every phase. While the PCI DSS doesn't account for all of this, here are some tips to get you started on a holistic approach toward security. Learning Guide
-
Application threats: CSRF, injection attacks and cookie replay
Web application exploits come in a variety of forms. There are a few that stand out: XSS, for example. But what about XSRF, which is only recently garnering the press it deserves? There are comparatively few resources on less famous exploits. But... Learning Guide
-
Authentication & authorization: Secure ID and user privileges
Authentication and authorization work together to prevent a multitude of application security attacks. While the basic concepts behind these two methods may be simple, the technology is not. There is a vast array of authentication and authorization t... Learning Guide
-
Five application security threats and how to counter them
New threats emerge every day. In order to be secure, you must be able to identify the major threats and understand how to counter them. Here is a guide to the five most common and insidious threats to applications -- and what you can do about t... Learning Guide
-
Know IT All Trivia: Application security
Test your knowledge of application security with these trivia questions. Quiz
-
Developing secure enterprise Java applications
Java application security tips, techniques, tools and other resources from SearchSoftwareQuality. Learning Guide
-
Developing secure .NET applications
There's no denying the importance of incorporating security at the application level. While some issues are similar across platforms, .NET developers face their own challenges. The resources here will help you understand the basics of .NET applicatio... Learning Guide
-
Requirements management with embedded software: Interview with IntraPace
What are the important considerations of a requirements management tool when developing embedded software for a medical device? In this Q&A with IntraPace software development manager Mace Volzing, SSQ asks about managing requirements for the abiliti... News | 17 Dec 2010
-
Glitch author seeks mandated software quality controls
In Part 2 of this SSQ interview with Glitch author Jeff Papows, we learn more about Papows' proposal for an IT Governance Manifesto which would mandate higher standards of quality for life-threatening software. Papows warns of the dangers of not taki... Interview | 03 Nov 2010
-
GatherSpace beefs up cloud-based requirements management
GatherSpace version 2 is now available and continues to offer low-cost software requirements gathering technology that is easily learned and easily implemented. According to GatherSpace founder Darren Levy, "It's painlessly easy to use, and an unbloa... Article | 24 Aug 2009
-
ALM: Best of breed vs. complete systems
The ALM tool market is in an uproar as countless acquisitions, trends and shifts have altered the way in which application lifecycles are monitored; industry experts explain the situation. Article | 20 Aug 2009
-
Why the quality assurance department should be involved in testing
Bring the quality assurance department's many resources into the software testing process from the get-go, one expert advises, and watch common software development problems dissolve. Column | 09 Mar 2009
-
Secure software development practices 'not rocket science'
SAFECode's guide to secure software development provides practices for all stages of the software development lifecycle proven to improve software security. Article | 08 Dec 2008
-
Browser security a concern for website development
The number of Web browsers and the rise of sophisticated attacks against them, such as cross-site request forgery and clickjacking, complicate website development, security, and testing. Article | 15 Oct 2008
-
PCI DSS compliance: Web application firewall or code review?
If you need to comply with the application security regulation of the PCI Data Security Standard, should you opt for code reviews or a Web application firewall? Experts offer their opinions. Article | 19 May 2008
-
Application security enters uncharted regions
The revelation that pacemakers can be hacked illustrates how software makers have to start thinking differently about application security and quality. Column | 27 Mar 2008
-
Developers get bigger role in software quality, security
In the continuing drive to address quality and security earlier in the software development lifecycle (SDLC), two thought leaders in the automated source code analysis market -- Klocwork and Ounce Labs -- are targeting new releases at the developer. Article | 28 Jan 2008
-
Debunking myths of application lifecycle management
In this tip, we expose three myths of Application Lifecycle Management (ALM) which continue to quietly impede successful software development and delivery across industries. Understanding that best-in-class isn’t always the best option, that there is... Tip
-
Test design focused on expediting functional test automation
Senior test architect David Johnson describes test design paradigms such as keyword-based test design, which can be leveraged for functional test automation. Johnson addresses both commercial and open source solutions in both agile and predictive env... Tip
-
Requirements rethinking tutorial: Improving pre-development software analysis - Part 2
An expert shows how reimagining the software requirements elicitation process can lead to improving business requirements and add value to applications. In this tip, learn how to better evaluate your requirements upfront and throughout the SDLC. Tip
-
Reliably estimating the software requirements effort
Differences in how business analysts and project managers define "requirements estimation" frustrate the software requirements elicitation process. No matter what methodology is in use, without adequately defining requirements, software projects are ... Tip
-
Focus stories, business mission, goals, intents and the backlog
Software development roles evolve as product owner focus changes. Agile groups may need to adjust test strategy, roadmaps and iterations to ensure top-notch QA and timely product delivery, says an expert. Tip
-
The role of quality assurance (QA) pros in software security
Along with developers, security managers and IT auditors, QA pros have an active and important role in the information security process. Tip
-
Common software security risks and oversights
We have a tendency to focus on the sexy technical side of software security, but many overlooked software security risks have more to do with operational and documentation problems. Tip
-
How to develop secure applications
It's not enough to begin securing applications in the testing phase -- secure applications start with secure code. Tip
-
Software Security Engineering: A Guide for Project Managers -- Chapter 3, Requirements Engineering f
Software security requirements engineering is a critical part of the software development lifecycle. This free book chapter explains how to approach requirements engineering for a secure SDLC. Tip
-
Writing software requirements that address security issues
Experts always say you need to bake security into the development lifecycle. To do that, you need to take a hard look at the security requirements written for the software. Kevin Beaver offers some advice on what you should consider during this criti... Tip
-
The whole team approach to QA/test time
QA/test role does not just belong to the test manager. In the whole team approach, the responsibility is spread throughout the team. ATE
-
Protecting software: Writing security requirements
Business analysts and product managers play an important role in protecting software. Requirements expert Scott Sehlhorst explains more. ATE
-
Requirements management process: Security and application performance
Organizations need to explicitly address security and application performance during the requirements management process according to expert Dan Cornell. Answer
-
Scaling Agile requirements management to the enterprise level
While the principles of Agile requirements management are the same regardless of project size, there are several considerations for scaling to the enterprise. Answer
-
How traceability benefits the software development lifecycle
Read expert Scott Sehlhorst’s explanation to learn how traceability of requirements improves visibility into building the right product as well as building the product right. Answer
-
How to define security requirements and manage risk in software development
Defining business security requirements is a collaborative effort, involving the participation of architects, business analysts and regulatory bodies. There is no black-and-white answer about achieving the best possible security for your software app... Answer
-
Which requirements have the greatest effect on quality in software development?
Requirements metrics can be easy to define but difficult to track results for. Expert Robin Goldsmith examines the requirements phase of the SDLC and determines where quality can be improved. Ask the Expert
-
How to write an SRS document for three different databases
Ask the Expert
-
Problems caused by skipping analysis stage of SDLC
A requirements expert explains the possible pitfalls of skipping the analysis phase in the software development life cycle (SDLC). Ask the Expert
-
Inexpensive phase of SDLC to catch and fix bugs
Is there a phase in the development lifecycle where bugs can be inexpensively repaired? This is a common question asked of our expert Kevin Beaver. Ask the Expert
-
virtual patching
Virtual patching is the quick development and short-term implementation of a security policy meant to prevent an exploit from occurring as a result of a newly discovered vulnerability. A virtual patch is sometimes called a Web application firewall (W... Definition
-
SQL injection
SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. Definition
-
Injection attacks -- Knowledge and prevention
SQL injection is recognized as a major threat to application security, but what about other injection attacks? SPI Dynamics' Caleb Sima dissects these exploits and offers straightforward prevention techniques in this podcast. Podcasts
About Building security into the SDLC (Software development life cycle)
News, tips and advice on how to build security into the software development life cycle so development teams can produce secure, quality software.