An application security guide for software testers
This guide explains what's involved in addressing application security from a software tester's perspective by presenting common threats and strategies to deal with them. Tutorial
-
A software tester's application security guide
This application security testing guide is custom tailored to fit the needs of software quality professionals and application testers. App Security Tutorial
-
Agile software development tutorial: Agile requirements gathering
In this section of our agile development tutorial, learn tips and techniques for defining and gathering requirements in an agile environment. Tutorial
-
Top ten mobile application threats to enterprise security
Check out the top ten threats presented by enterprise mobile applications, according to the OWASP Mobile Security Project. Photo Story | 19 Feb 2013
-
SQL injection flaw is a welcome mat for black hats on file-sharing site
Recently, a group of hackers was able to gain access to users' personal files on a file-sharing site via SQL injection flaws. The group was able to view and edit personal information, further proving that SQL injection is a major problem. News | 08 Jul 2010
-
VisibleThread aims to boost IT documentation quality, improve processes
Start-up VisibleThread's new document structure and quality analysis tool has uses ranging from requirements management to documentation quality enforcer. VisibleThread's software structure and quality detection capabilities can improve development a... Article | 26 Oct 2009
-
Blueprint rolls out Requirements Center 2010
Blueprint Requirements Center 2010 from Toronto-based Blueprint launched this week with new features targeting the needs of distributed teams and offering enhanced stakeholder collaboration. According to Tony Higgins, VP of products at Blueprint, fo... Article | 14 Jun 2009
-
Agile aims to bridge software requirements communications gap
Agile software development bridges the software requirements communications gap by embracing flexibility and face-to-face communication rather than depending on documents to communicate, agile practitioners say. Article | 22 Oct 2008
-
Software requirements sign-off essential for solid QA
Not properly signing off on a software project's requirements limits the quality assurance (QA) team's ability to ensure that the software does as it's intended. Column | 11 Apr 2008
-
Poor business requirements process leads to high project costs, study finds
A recent IAG Consulting study finds that companies that have poor business requirements processes can expect to spend 49% more money and 39% more time on a project. Article | 21 Feb 2008
-
From use case diagrams to context diagrams
It's tempting to consider use case diagrams as context diagrams because they do show context. But having one diagram for both will result in an unreadable cloud of bubbles. Article | 01 Nov 2007
-
Agile development: Don't forget the documentation
Eliminating documentation may speed software development, but it will create problems at the end as supporting groups try to figure out what the product actually does. Column | 25 Oct 2007
-
The pros and cons of use case diagrams
Putting too much into a use case diagram can often render the otherwise useful technique of use cases almost useless. Kevlin Henney recommends a more balanced and restrained approach in order to not lose readers in a myriad of bubbles and microscopic... Article | 24 Sep 2007
-
How to deliver, implement testable software requirements
Knowing how to develop and implement software requirements is key in meeting client goals and delivering the best possible product. In this tip you will learn best practices in needs analysis, reverse presentations, and business analysis. Tip
-
Defining requirements during software project feasibility analysis
There are at least two key points in a software project when requirements should be defined. One point people often miss is during feasibility analysis, and failure to define requirements at this stage can doom a project. Tip
-
Using proactive test design methods to catch requirements issues early
Proactive test design allows QA testers to identify requirements and design problems at an earlier stage than with traditional test cases. Tip
-
Pictures communicate software requirements without slowing development
No matter what software development method you use, you can't overlook the need for clearly stated requirements. Pictures, flow charts, and diagrams can give testers the artifacts they need to properly test software and not slow development. Tip
-
Testers' involvement in requirements gathering important
In this increasingly complex software development era, it is important to include testing as early in the project as possible. And that means starting with requirements gathering. Tip
-
Mastering the Requirements Process, 2nd Edition: Chapter 2, The Requirements Process
Requirements gathering, documentation, reuse and so forth are detailed in "Mastering the Requirements Process, 2nd Edition." This free chapter outlines the basics of the requirements process. Tip
-
Tuning up your software requirements reviews
The most powerful quality practice available to the software industry today is inspection of software requirements documentation. The problem is most organizations don't do them or do them badly. Karl E. Wiegers offers advice for holding more effecti... Tip
-
Don't overlook nonfunctional software requirements
Nonfunctional software requirements describe how well the software does what it does. By exploring quality attributes during requirements elicitation, you can influence the function, design and architecture of the product and help give customers some... Tip
-
Do in-house testers beat an outsourced security testing service?
Security testing is very specialized. Is it better to outsource this effort or should in-house testers be responsible for security testing? Answer
-
Penetration testing and other security testing techniques
It can be hard to keep pace with the various types of security testing required in today's complex and often dangerous Web environment. In this response, expert John Overbaugh explains some of the most common and necessary security testing techniques... Answer
-
When and how to perform penetration testing
Hackers are increasingly sophisticated in how they exploit weaknesses in network and Web application security. In this response, expert John Overbaugh explains the importance of penetration testing and how to ensure comprehensive security of your app... Answer
-
Functional vs non-functional requirements, what is the difference?
Robin Goldsmith takes another stab at this question of functional vs non-functional requirements in this expert response. According to Goldsmith, the difference lies in the application's need and what it is intended for. Ask the Expert
-
How to write an SRS document for three different databases
Ask the Expert
-
How to write a Software Requirements Specification (SRS) document
Knowing how to write requirements documentation is crucial when developing and tracking the completion of software. Expert Robin Goldsmith goes over how to write SRS documents and how to distinguish them in this expert response. Ask the Expert
-
How to search through requirements documentation effectively
An expert tackles the daunting task of searching through requirements documentation and explains how to discover its most important parts. Ask the Expert
-
Where can software requirements vision-and-scope documents be found?
Software requirement expert Robin Goldsmith discusses a vision-and-scope document example and other methods of determining project and requirements scope. Ask the Expert
-
Writing a software requirements specification (SRS) for a portal app
An SRS describes the requirements of a software product -- what it must do in order to function as expected. The standard format is identical regardless of the software's use. Ask the Expert
-
Should QA check changes from outside the requirements document?
Should QA be checking over requirements changes from sources such as emails, Excel spreadsheets and other documents besides the requirements document? Ask the Expert
-
requirements analysis (requirements engineering)
Requirements analysis, also called requirements engineering, is the process of determining user expectations for a new or modified product... (Continued) Definition
-
Wirth's Law
Wirth's Law states that computer software increases in complexity faster than does the ability of available hardware to run it... (Continued) Definition
-
functional specification
A functional specification (or sometimes functional specifications) is a formal document used to describe in detail for software developers a product's intended capabilities, appearance, and interactions with users. Definition
-
software requirements specification (SRS)
A software requirements specification (SRS) is a comprehensive description of the intended purpose and environment for software under development. The SRS fully describes what the software will do and how it will be expected to perform... (Continued)... Definition
-
Software Engineering Institute (SEI)
The Software Engineering Institute (SEI) is a research, development and training center involved in computer software and network security. The SEI works with industry, academic institutions and the United States government to improve the performance... Definition
About Penetration Testing
Penetration testing is a method of testing that simulates a breach of security or an attack from a malicious source. The system is analyzed for potential weaknesses or vulnerabilities and examined from the viewpoint of a potential attacker. The testing actively exploits security vulnerabilities and reports back to the system owner the risks, the feasibility of an attack, and recommended steps to mitigate those risks. Penetration testing can be performed as a white-box test, where system internals are known, or as a black-box test, which resembles an attack by a malicious user with no knowledge of the infrastructure being tested.