-
Security lesson: Beating web application security threats
Explore the importance of Web application testing processes and find suggestions on best practices with a webcast on scanning and testing Web application security, a podcast on security testing and a tip on Web application best practices in this less... Tutorial
-
Security lesson: How to test for common security defects
In this security defects lesson, information security expert Kevin Beaver explores the underlying causes of gaps in the software testing process and offers suggestions on what can be done to fix this problem once and for all. Tutorial
-
Common software security oversights school
Common software security oversights can cause weaknesses you cannot afford to overlook. Kevin Beaver will share with you just what you need to know in order to find the most Web security vulnerabilities that are important in your environment and spec... Tutorial
-
Web application security -- How to prevent attacks
The battle against hackers is a difficult one. This guide introduces you to popular Web application attacks and provides tips, techniques and advice for keeping the bad guys out. Guide
-
PCI DSS compliance: Web application firewalls (WAFs)
Web application firewalls (WAFs) are one option for those seeking compliance with requirement 6.6 of the PCI DSS. The benefits, limitations and proper implementation of WAFs are discussed by security experts in this section. Learning Guide
-
PCI DSS compliance: The basics
PCI DSS requires merchants to employ basic application security techniques in order to be in compliance. Here is an overview of PCI DSS and requirement 6.6. Learning Guide
-
PCI DSS compliance: Code review
Code review is a broad security concept and those looking at this option for compliance will find plenty of expert information on the types of code review in this section of the guide. Learning Guide
-
Web application security and the PCI DSS
Software security should be integrated into the software development lifecycle at every phase. While the PCI DSS doesn't account for all of this, here are some tips to get you started on a holistic approach toward security. Learning Guide
-
Video: Classification, detection of application backdoor attacks
Application backdoor attacks bypass authentication and can result in systems or data within those systems being compromised. Listen as Veracode's Chris Wysopal explains static detection methods for finding the four major types of backdoor attacks. Videos
-
Better software through debugging and unit testing -- Debugging for security
Application security is, unfortunately, still an afterthought in the SDLC. Debugging, however, presents a perfect opportunity to root out security holes. Learning Guide
- See More: Essential Knowledge on Software Security Test Best Practices
-
STAREAST: An interview about Test Centers of Excellence with Tom Delmonte
What exactly is a Test Center of Excellence (TCoE) and how do quality organizations go about putting one together? In this interview with STAREAST presenter and quality advocate Tom Delmonte, we find out more about TCoEs and how they can be effective... News | 27 Apr 2011
-
Building an Agile test practice: Q&A with advocates for quality
What does it take to add a test practice on top of a high-functioning Agile team? The task at Menlo Innovations was to incorporate QA into their practices. How did they do it? Matt Heusser interviews two quality advocates from Menlo Innovations to fi... News | 26 Apr 2011
-
STAREAST: Software testing with fuzzing and fault modeling -- Interview with Shmuel Gershon
The real world isn't always like a test environment. How do we test for the unexpected problems such as system faults or malicious attacks? SSQ contributor Matt Heusser talks to Shmuel Gershon, presenter at STAREAST with a talk titled, "Fuzzing and F... News | 20 Apr 2011
-
Glitch author seeks mandated software quality controls
In Part 2 of this SSQ interview with Glitch author Jeff Papows, we learn more about Papows' proposal for an IT Governance Manifesto which would mandate higher standards of quality for life-threatening software. Papows warns of the dangers of not taki... Interview | 03 Nov 2010
-
Hacking for Dummies: Ethical hacking to expose security vulnerabilities
"Hacking for Dummies," by Kevin Beaver gives detailed information about how to ethically hack into your systems to expose security vulnerabilities. In this interview with SearchSoftwareQuality.com, Beaver discusses the book, methods of security testi... Interview | 18 Oct 2010
-
Gain better software testing skills: Practice what the pros preach
CAST Conference presentation on becoming a superstar tester provides insights into ways testers can further their careers. Well-known experts Michael Bolton and Matt Heusser share thoughts on becoming a 'go-to' person and working more efficiently. Article | 03 Aug 2010
-
Microsoft hopes to fix IE vulnerabilities with patch
Microsoft has just announced an upcoming patch for IE 6 and 7 users affected by any one of several vulnerabilities. News | 29 Mar 2010
-
How new Web application platforms put dev/test pros' careers at risk
Rapid changes in web application development platforms, such as Ajax and Visual Studio, are causing a skills gap. Veteran software developers and testers are struggling to keep up with emerging development platform technologies that don't capitalize ... Interview | 15 Mar 2010
-
Using firewalls for software testing: Pros and cons
Network firewalls: what are the pros and cons? A software expert chimes in on how firewalls protect valued data and deter unwanted people from gaining access to applications. News | 02 Dec 2009
-
Web application security best practices: Tips on implementation
In this video, Hugh Thompson, founder of People Security, discusses Web application security best practices and strategies. News | 03 Nov 2009
- See More: News on Software Security Test Best Practices
-
Preventing security attacks using the Enterprise Security API (ESAPI)
Security expert John Overbaugh explores solutions and strategies that are relatively easy to implement and that prevent some of the most common attacks in part two of this two-part article. Tip
-
Anonymous attacks: Three phases of an anonymous attack methodology
Security expert John Overbaugh examines three of Anonymous’ most common techniques for attacking websites and how they are carried out. Tip
-
Security testing for unvalidated redirects and forwards
Security expert John Overbaugh gives security testers the information they need in order to ensure the Web application code that they’re responsible for is protected. Tip
-
Building software security testing skills for managers
Security expert John Overbaugh describes how managers can foster the professional growth of employees by helping them get the training they need to become skilled security testers. Tip
-
Software security: Four lessons testers should learn from Stuxnet
In this tip, security expert John Overbaugh points out four areas of security that were compromised by the Stuxnet worm: physical security, patching, design and implementation. Security testers will know better how they can prevent such a virus fr... Tip
-
Transitioning to Agile development: What about quality assurance?
It's not uncommon for QA managers and testers to feel displaced in an Agile transition. In this tip, Agile expert Lisa Crispin explains the important role of the QA manager in an Agile environment. Tip
-
CIOs and software quality assurance: Five hurdles for QA managers
Director of QA and instructor John Scarpino has provided tips for overcoming five hurdles associated with CIO expectations. Tip
-
Embedded software: Testing for the most common defects
By researching the types of bugs found in embedded software systems, Invision consultant Jon Hagar has created an embedded software error taxonomy of the most common defects in four different embedded software domain areas. Tip
-
Application development: Security that won't weaken performance
Security is important, but what happens when adding code to address security affects performance or usability? In this tip, SSQ contributor Crystal Bedell gives three best practices experts recommend for ensuring your application is secure, while sti... Tip
-
Application security: Testing for injection vulnerabilities
A top security vulnerability in Web applications is an injection attack -- one in which the Web application is tricked into treating input as if it were code, allowing a hacker to gain control of an application. In this tip, security expert John Over... Tip
- See More: Tips on Software Security Test Best Practices
-
Prioritizing security concerns in a complex software testing market
Expert John Overbaugh identifies the three top concerns of the test manager and offers advice on how to stay ahead of the curve when it comes to security and compliance. Answer
-
How software testing managers can ensure security compliance
While security may be everyone’s job, the software testing manager holds particular responsibilities to ensure security requirements are met. Answer
-
Social media in business: Security versus function
ALM expert Kevin Parker discusses the importance of security and offers some tips to business leaders in this response. Answer
-
Confronting security challenges facing social networking sites
According to application security expert John Overbaugh, the two top security concerns for social networking sites are application functionality and account privacy. Answer
-
Save time and trouble: Conduct security testing before production
Expert John Overbaugh provides insights into why conducting security testing early in the lifecycle is important, and explains what to test for and when. Answer
-
How to implement automated security testing in the continuous integration cycle
According to expert John Overbaugh, testers can implement automated testing to catch code security issues, and to conduct unit, acceptance and functional testing in an Agile environment. Here he explains the different types of tests and how to automa... Answer
-
Business decision making: Trade-offs between security solutions and performance
In a previous response, security expert John Overbaugh addressed the trade-offs between security and performance. Many companies face these trade-offs and struggle with the business decision. In this expert response, he addresses strategies business ... Answer
-
Security tools and application lifecycle management
Security and security tools have become more necessary to the application lifecycle, according to recent research. In this response, expert John Overbaugh discusses why security tools are essential to ALM and explains how he sees security activities ... Answer
-
Data protection for non-sensitive and sensitive information
Expert John Overbaugh defines security as confidentiality, integrity and availability of information across systems and applications. Read this response for an explanation of security concerns for all applications. Answer
-
Weighing application security strategy options
Security is frequently a trade-off between "convenience" and security. In this response, expert John Overbaugh weighs the available security strategy options with performance objectives. Answer
- See More: Expert Advice on Software Security Test Best Practices
-
static verification
Static verification is the set of processes that analyze code, without executing the application itself, to check that defined coding practices are being followed. Definition
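As an added illustration of the definition above (example code written for this page, not from any of the listed articles or tools): a minimal static verification pass that parses Python source into an AST and flags calls that break a small, explicitly defined rule set. The rule set, the `find_violations` function and the sample source under review are all assumptions made for the example; the code under review is parsed but never executed, which is the property that makes this static rather than dynamic analysis.

```python
"""Minimal static verification pass over Python source.

The code under review is parsed with `ast` and walked; it is never imported
or run. Rules are deliberately simple: a call is flagged by its (dotted) name,
plus one keyword-argument rule for subprocess calls with shell=True.
"""
from __future__ import annotations

import ast
from typing import Optional

# Hypothetical rule set for this example: callee name -> rule text.
BANNED_CALLS = {
    "eval": "eval() executes arbitrary code; parse data instead",
    "exec": "exec() executes arbitrary code",
    "os.system": "os.system() runs a shell; use subprocess with an argument list",
    "pickle.loads": "pickle.loads() deserialises untrusted bytes into live objects",
    "yaml.load": "yaml.load() without SafeLoader constructs arbitrary objects",
}


def _call_name(node: ast.Call) -> Optional[str]:
    """Return 'module.attr' or 'name' for the callee, or None if it is dynamic."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None  # e.g. getattr(mod, "x")() -- not resolvable statically


class RuleChecker(ast.NodeVisitor):
    def __init__(self) -> None:
        self.findings: list[tuple[int, str, str]] = []  # (line, callee, rule)

    def visit_Call(self, node: ast.Call) -> None:
        name = _call_name(node)
        if name in BANNED_CALLS:
            self.findings.append((node.lineno, name, BANNED_CALLS[name]))
        # subprocess.* is fine by itself; the keyword shell=True is the defect.
        if name and name.startswith("subprocess."):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.findings.append(
                        (node.lineno, name, "shell=True hands the command line to a shell"))
        self.generic_visit(node)  # keep walking into nested calls/arguments


def find_violations(source: str) -> list[tuple[int, str, str]]:
    """Parse `source` and return (line, callee, rule) findings sorted by line."""
    checker = RuleChecker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings)


# Constructed sample under review (not real project code).
SAMPLE = '''
import os, subprocess, pickle, json

def run(cmd, payload):
    os.system("ls " + cmd)
    subprocess.run(cmd, shell=True)
    subprocess.run(["ls", cmd])
    data = pickle.loads(payload)
    safe = json.loads(payload)
    return eval(data)
'''

if __name__ == "__main__":
    for line, callee, rule in find_violations(SAMPLE):
        print(f"line {line}: {callee}: {rule}")
```

The checker only resolves callees written as a bare name or a single-level attribute on a module name; aliased imports (`from os import system as s`) and dynamic dispatch slip past it, which is the usual precision limit of name-based rules and the reason real tools track imports and aliases.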
-
WebGoat: password weakness issues, basic application hacking concerns
Expert Kevin Beaver shows testers how basic application oversights can cost them dearly in this lesson on password weakness and basic hacking. Video
-
Webgoat Tutorial
Expert Kevin Beaver demonstrates some of the power and versatility of free online testing tool Webgoat. Video
-
Software Testing: How to know you're ready to start testing
In this podcast, software testing and quality assurance (QA) expert Michael Kelly gives pointers about how to know when you're ready to start testing and the critical elements of good testing processes. Podcast
-
Software security: Removing insecurity from outsourced development
In this podcast, software security expert Jack Danahy describes when and when not to outsource application development and why. Podcast
-
Web application security testing basics
Static and dynamic analysis -- manual or automated -- can help uncover Web app security flaws. Learn how to use the techniques to make sure your applications aren't open to attack. Podcast
-
Black, gray and white box testing explained -- Podcast
Security is critical when operating a Web application. Black, gray and white box tests are three testing approaches, distinguished by how much the tester knows about the application's internals, that you can use to find the weaknesses an attacker would exploit. In this podcast, Jennette Mullaney refers to information from Dan Cornell, pri... Podcast
-
How source code analysis improves application security
New application vulnerabilities are disclosed daily. Many of them, however, can be discovered and resolved through source code analysis. Learn how in this podcast with Denim Group's Dan Cornell. Podcast
-
Ajax security: A dynamic approach
Ajax security can be achieved by following the proper guidelines. In this podcast, expert Caleb Sima explains why Ajax is not inherently insecure, which tools work and which don't, and how to safely deploy Ajax. Podcasts
-
Injection attacks -- Knowledge and prevention
SQL injection is recognized as a major threat to application security, but what about other injection attacks? SPI Dynamics' Caleb Sima dissects these exploits and offers straightforward prevention techniques in this podcast. Podcasts
- See More: All on Software Security Test Best Practices
About Software Security Test Best Practices
Software security testing verifies that the software complies with its security requirements. A security test plan specifies those requirements and the tests to be performed to locate weaknesses, or situations that would violate them. Security testing should cover confidentiality, integrity, authentication, authorization, availability and non-repudiation; the security requirements should address each of these areas, and security tests should be performed to verify compliance with each.
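As an added example of turning the paragraph above into an executable security test plan (written for this page; not code from any of the listed articles): a tiny in-memory record service with HMAC-signed session tokens, and one test per requirement area. The service, its users and records, the `run_security_tests` function and the forged-token helper are all assumptions made for the example; the point is the mapping from each named requirement to a concrete, repeatable check that a tester can run before production.

```python
"""Security test plan as code: each entry in run_security_tests() maps one
requirement area (authentication, authorization, integrity, confidentiality,
availability, non-repudiation) to a concrete check against a small service."""
import base64
import hashlib
import hmac
import json
import secrets

SECRET = secrets.token_bytes(32)  # server-side token signing key, per run

# Constructed sample data: record id -> (owner, body)
RECORDS = {
    101: ("alice", "alice's medical note"),
    102: ("bob", "bob's medical note"),
}
USERS = {"alice": "correct horse", "bob": "battery staple"}
AUDIT = []  # append-only log of successful reads (non-repudiation evidence)


def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()


def login(user, password):
    """Authentication: return a signed token on valid credentials, else None."""
    if USERS.get(user) != password:
        return None
    payload = base64.urlsafe_b64encode(json.dumps({"sub": user}).encode()).decode()
    return f"{payload}.{_sign(payload.encode())}"


def _verify(token):
    """Return the subject of a valid token, or None for missing/forged/tampered."""
    try:
        payload, sig = token.split(".", 1)
    except (AttributeError, ValueError):
        return None  # None, or a string without a separator
    if not hmac.compare_digest(_sign(payload.encode()), sig):
        return None  # integrity failure: payload edited or signature forged
    return json.loads(base64.urlsafe_b64decode(payload))["sub"]


def read_record(token, rec_id):
    """Return (status, body): 401 unauthenticated, 403 not owner, 404 unknown."""
    user = _verify(token)
    if user is None:
        return 401, None
    rec = RECORDS.get(rec_id)
    if rec is None:
        return 404, None
    owner, body = rec
    if owner != user:
        return 403, None  # authorization failure; the body is not returned
    AUDIT.append({"user": user, "action": "read", "record": rec_id})
    return 200, body


def _forge_token(token, new_sub):
    """Attacker keeps a valid signature but rewrites the payload's subject."""
    _, sig = token.split(".", 1)
    payload = base64.urlsafe_b64encode(json.dumps({"sub": new_sub}).encode()).decode()
    return f"{payload}.{sig}"


def run_security_tests() -> dict:
    """Execute the plan; True means the requirement held, False means a finding."""
    results = {}
    alice = login("alice", "correct horse")
    # Authentication: wrong password yields no token; right password does.
    results["authentication"] = login("alice", "wrong") is None and alice is not None
    # Authorization: a valid user cannot read another user's record.
    results["authorization"] = read_record(alice, 102) == (403, None)
    # Integrity: a token whose payload was altered is rejected as unauthenticated.
    results["integrity"] = read_record(_forge_token(alice, "bob"), 102) == (401, None)
    # Confidentiality: the denied response carries no fragment of the record.
    denied_body = read_record(alice, 102)[1] or ""
    results["confidentiality"] = "bob" not in denied_body
    # Availability (robustness): malformed tokens are rejected, not crashes.
    results["availability"] = (read_record("garbage", 101) == (401, None)
                               and read_record(None, 101) == (401, None))
    # Non-repudiation: a successful read leaves exactly one audit entry.
    before = len(AUDIT)
    read_record(alice, 101)
    results["non_repudiation"] = (len(AUDIT) == before + 1
                                  and AUDIT[-1] == {"user": "alice", "action": "read", "record": 101})
    return results


if __name__ == "__main__":
    for requirement, held in run_security_tests().items():
        print(f"{requirement:16s} {'PASS' if held else 'FAIL'}")
```

Each check is phrased as a requirement that must hold rather than as an attack that must succeed, so the same plan runs unchanged in continuous integration and a regression in any area (for example a refactor that starts returning the record body alongside the 403) shows up as a failed requirement rather than as a silent change in behaviour.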