-
Application security: Managing software threats
Addressing security concerns from the outset of a software project all the way through to production is the only way that enterprise application delivery teams can prevent skilled attackers from stealing sensitive corporate data. Yet in many organiza... E-Handbook
-
Beating Web application security threats
The rapid increase in usage, development and complexity of Web applications has created new opportunities for companies that employ them and hackers who attack them. This handbook delivers up-to-date information on security threats to Web 2.0 and ric... E-Book
-
An application security guide for software testers
This guide explains what's involved in addressing application security from a software tester's perspective by presenting common threats and strategies to deal with them. Tutorial
-
A software tester's application security guide
This application security testing guide is custom tailored to fit the needs of software quality professionals and application testers. App Security Tutorial
-
Performance management for mobile devices: Solutions and strategies
Software experts reveal mobile application performance management challenges in the enterprise, as well as strategies, best practices and tools to address those challenges in this article. Feature
-
Testing web services with soapUI
In this article, Mike Kelly details the finer points of web services testing using soapUI. Tutorial
-
Security lesson: Beating web application security threats
Explore the importance of Web application testing processes and find suggestions on best practices with a webcast on scanning and testing Web application security, a podcast on security testing and a tip on Web application best practices in this less... Tutorial
-
Web application security and the PCI DSS
Software security should be integrated into the software development lifecycle at every phase. While the PCI DSS doesn't account for all of this, here are some tips to get you started on a holistic approach toward security. Learning Guide
-
Application threats: CSRF, injection attacks and cookie replay
Web application exploits come in a variety of forms. There are a few that stand out: XSS, for example. But what about XSRF, which is only recently garnering the press it deserves? There are comparatively few resources for less famous exploits. But... Learning Guide
-
Five application security threats and how to counter them
New threats emerge every day. In order to be secure, you must be able to identify the major threats and understand how to counter them. Here is a guide to the five most common and insidious threats to applications -- and what you can do about t... Learning Guide
-
Cartoon: Perils of reporting Web site vulnerabilities
When white hat hackers report discovered vulnerabilities, the outcome isn't always what they expected. Cartoon
-
SAP application security learning guide
If you're like most IT professionals, security is at the forefront of your concerns. Learn best practices for SAP security and applications security in this learning guide from SearchSAP.com and SearchAppSecurity.com. Learning Guide
- See more Essential Knowledge on Internet Application Security
-
Top ten mobile application threats to enterprise security
Check out the top ten threats presented by enterprise mobile applications, according to the OWASP Mobile Security Project. Photo Story | 19 Feb 2013
-
PCI SSC introduces cloud compliance guidelines
A branch of the Payment Card Industry Security Standards Council has released guidelines designed to clarify the murky rules of cloud compliance. News | 18 Feb 2013
-
ThreadFix: Open source defect management tool speeds security vulnerability fixes
Security and development teams can share a common defect management tool with ThreadFix, Denim Group's new open source security tool. News | 17 Sep 2012
-
Consumerization, cloud computing and HTML 5: The future of the smartphone
"Smartphone" author Majeed Ahmad discusses present and future smartphone trends, including growing consumerization, democratization in the IT world, cloud computing and HTML 5. CIOs and other information technology buyers in the enterprise can examin... News | 27 Jan 2012
-
Why smartphones play key role in “enterprise-ation” of mobile computing
Explore smartphone and mobile computing technologies and services with expert Majeed Ahmad, author of a new book, Smartphone. News | 27 Jan 2012
-
Real-time performance monitoring for mobile apps
Mobile ALM provider Keynote DeviceAnywhere and TomTom announced a partnership that enables real-time performance monitoring for TomTom mobile devices. This solution uses a cloud-based platform and provides developers with constant monitoring as well ... News | 17 Oct 2011
-
SQL injection flaw is a welcome mat for black hats on file-sharing site
Recently, a group of hackers was able to gain access to users' personal files on a file-sharing site via SQL injection flaws. The group was able to view and edit personal information, further proving that SQL injection is a major problem. News | 08 Jul 2010
-
Independence Day hackers make short work of YouTube's XSS prevention measures
Over the holiday weekend, a group of black hat users managed to shut down YouTube's comment fields by plaguing unsuspecting users with adult content through an XSS weakness. News | 07 Jul 2010
-
JBoss lightens up its next generation platform
Red Hat introduces a new programming platform for upcoming next generation Java applications. Red Hat's three new products target diverse web applications in the multiple Java formats. This new platform will be able to communicate in various programmin... Article | 02 Jun 2009
-
Application security shouldn't involve duct tape, Band-Aids or bubble gum
By applying a multilayered approach to application security throughout the SDLC, software ships more securely, closer to the scheduled delivery date and closer to anticipated cost. How do you do that? Joe Basirico, a senior security trainer at Securi... Article | 15 May 2007
- See more News on Internet Application Security
-
Ten steps to better application security testing strategies
Address app testing strategy concerns at each stage of the application lifecycle and learn about tools and techniques to boost security. Tip
-
Integrating secure coding into the Agile lifecycle
It is possible to develop applications in the Agile lifecycle while minimizing security vulnerabilities, according to application security expert John Overbaugh. Tip
-
Preventing security attacks using the Enterprise Security API (ESAPI)
Security expert John Overbaugh explores solutions and strategies that are relatively easy to implement and that prevent some of the most common attacks in part two of this two-part article. Tip
-
Anonymous attacks: Three phases of an anonymous attack methodology
Security expert John Overbaugh examines three of Anonymous’ most common techniques for attacking websites and how they are carried out. Tip
-
Security testing for unvalidated redirects and forwards
Security expert John Overbaugh gives security testers the information they need in order to ensure the Web application code that they’re responsible for is protected. Tip
-
Enhance mobile application performance with network testing
Learn how to ensure robust end-to-end testing of mobile applications and their superior performance. Tip
-
Hosting in cloud computing: Using Software as a Service for source code control
Though all development shops will be using source code control (SCC), hosting the repository in the cloud is now an option that should be carefully considered. Tip
-
Dogfooding: Why CIOs and senior managers should test their own mobile apps
Using your own application, or “eating your own dog food,” shows confidence in your product. Nari Kannan shares insights on why CIOs or senior managers should test mobile apps. Tip
-
Building software security testing skills for managers
Security expert John Overbaugh describes how managers can foster the professional growth of employees by helping them get the training they need to become skilled security testers. Tip
-
Wireframing tools for tablets and other mobile devices
Software consultant Nari Kannan discusses wireframing tools that help mobile and tablet app designers mock up and lay out workflow and user interface designs. Tip
- See more Tips on Internet Application Security
-
Threat modeling: Crucial early step in software development cycle
Security expert Dan Cornell explains why the practice of threat modeling early in the software development cycle is crucial for mobile developers. Answer
-
Does completing a PCI compliance checklist ensure security?
PCI DSS guidelines are a good place to start, but checking off boxes on the PCI compliance checklist will not ensure your organization is secure. Answer
-
Can universities give young developers application security training?
While the greater application development community understands the importance of application security, computer science majors lack this training. Answer
-
Stamp out XSS cross scripting vulnerabilities with proactive measures
Cross-site scripting -- XSS cross scripting -- vulnerabilities and SQL injection attacks are problems for Web app security. Learn to curb these risks. Answer
-
Maintaining SaaS data security while negotiating with vendors
SaaS applications can cause security concerns. Learn how to reduce the risk of losing data in transit by increasing SaaS data security. Answer
-
Prioritizing security concerns in a complex software testing market
Expert John Overbaugh identifies the three top concerns of the test manager and offers advice on how to stay ahead of the curve when it comes to security and compliance. Answer
-
Social media in business: Security versus function
ALM expert Kevin Parker discusses the importance of security and offers some tips to business leaders in this response. Answer
-
Confronting security challenges facing social networking sites
According to application security expert John Overbaugh, the two top security concerns for social networking sites are application functionality and account privacy. Answer
-
Application security: Using social media and collaboration tools
Social media and collaborative tools are increasingly being used on professional teams, as discussed in this expert response. Here John Overbaugh explores the potential uses of specific social media applications for security team members. Answer
-
Data protection for non-sensitive and sensitive information
Expert John Overbaugh defines security as confidentiality, integrity and availability of information across systems and applications. Read this response for an explanation of security concerns for all applications. Answer
- See more Expert Advice on Internet Application Security
-
What's ailing enterprise software security management?
Enterprise application security testing means not only finding security vulnerabilities, but tracking them down and putting an end to them. Video
-
Top ten threats to mobile enterprise security
OWASP's list of the top ten mobile security risks sheds light on mobile enterprise security concerns that all mobile app testers should be aware of. Photo Story
-
Jason Huggins demos software testing improvements at STPCon 2011
Watch this STPCon 2011 video of Jason Huggins of Selenium and Sauce Labs, in which he gives some information about his conference demonstration. He relates software testing improvement ideas to his handmade robot that can play Angry Birds on an iPhon... Video
-
Injection attacks -- Knowledge and prevention
SQL injection is recognized as a major threat to application security, but what about other injection attacks? SPI Dynamics' Caleb Sima dissects these exploits and offers straightforward prevention techniques in this podcast. Podcasts
About Internet Application Security
Web and rich Internet application security testing services can be used to detect security issues with Web applications and identify vulnerabilities. These vulnerabilities may be known vulnerabilities in custom off-the-shelf applications, technical vulnerabilities or business logic errors. Technical vulnerabilities include URL manipulation, SQL injection, cross-site scripting, back-end authentication, passwords in memory, session hijacking, buffer overflows, Web server configuration, credential management and clickjacking. Business logic errors include day-to-day threat analysis, unauthorized logins, personal information modification, price list modification, unauthorized funds transfer and breach of customer trust.