-
Security lesson: Beating web application security threats
Explore the importance of Web application testing processes and find suggestions on best practices with a webcast on scanning and testing Web application security, a podcast on security testing and a tip on Web application best practices in this less... Tutorial
-
Security lesson: How to test for common security defects
In this security defects lesson, information security expert Kevin Beaver explores the underlying causes of gaps in the software testing process and offers suggestions on what can be done to fix this problem once and for all. Tutorial
-
Common software security oversights school
Common software security oversights can cause weaknesses you cannot afford to overlook. Kevin Beaver will share with you just what you need to know in order to find the most Web security vulnerabilities that are important in your environment and spec... Tutorial
-
Full Spectrum of soapUI for open source software testing: Tutorial
In this four-part series on soapUI, learn tips and tricks to perform a number of different software testing operations using this widely-accepted open source tool. Tutorial
-
SearchSoftwareQuality.com Editorial Advisory Board
Meet the members of SearchSoftwareQuality.com's advisory board. Our advisory board members are leaders in the software industry, providing expertise and guidance to SearchSoftwareQuality.com's editorial team so we can better serve our readers and the... Advisory Board
-
PCI DSS compliance: Code review
Code review is a broad security concept and those looking at this option for compliance will find plenty of expert information on the types of code review in this section of the guide. Learning Guide
-
Web application security and the PCI DSS
Software security should be integrated into the software development lifecycle at every phase. While the PCI DSS doesn't account for all of this, here are some tips to get you started on a holistic approach toward security. Learning Guide
-
Know-IT-All Chapter Quiz: Professional VB 2005, Chapter 13: Security in the .NET Framework 2.0
Think you know all there is about using the security features in .NET Framework 2.0? We challenge you to test your skills by taking our latest quiz. Share the results with us and get a chance to win a copy of Professional VB 2005 written by Bill Evje... Quiz
-
STAREAST: An interview about Test Centers of Excellence with Tom Delmonte
What exactly is a Test Center of Excellence (TCoE) and how do quality organizations go about putting one together? In this interview with STAREAST presenter and quality advocate Tom Delmonte, we find out more about TCoEs and how they can be effective... News | 27 Apr 2011
-
STAREAST: Software testing with fuzzing and fault modeling -- Interview with Shmuel Gershon
The real world isn't always like a test environment. How do we test for the unexpected problems such as system faults or malicious attacks? SSQ contributor Matt Heusser talks to Shmuel Gershon, presenter at STAREAST with a talk titled, "Fuzzing and F... News | 20 Apr 2011
-
Movers and shakers in the software testing arena
Changes, progression and choices in the software testing tool market are practically endless. Join software consultant Theresa Lanowitz as she explores major and minor league players in the testing tool market. Article | 27 Aug 2010
-
Coverity 5 aims to discover and destroy software bugs
Coverity recently announced the fifth version of its bug tracking, reporting and elimination tool. This new version aids testers with improved usability features and updated tracking, detection and defect deletion metrics. News | 30 Jun 2010
-
Why you don't need to buy a testing tool, except when you do
Software application testing expert explains proper software testing tool selection, what to look for in tools, vendors and customer service, when you need a tool and when you can get by without one. News | 12 Jan 2010
-
Lesser-known free software testing tools testers should try
Test pros recommend free software testing tools at the Starwest 2009 conference. Tools such as FitNesse, CTE-XL and Unified TestPro topped their list of favorites. Article | 08 Oct 2009
-
Twitter ban on Marines adds to panic
In a surprisingly draconian move, the United States Marine Corps has decided to ban the use of social networking sites Facebook, Myspace and Twitter from all USMC-owned computers due to fears of malware and loss of secret data. This is a setback for ... News | 18 Aug 2009
-
Hackers caught in Hannaford, Heartland data breaches
A federal grand jury has indicted a Miami man and two Russian hackers for their involvement in an international scheme to steal more than 130 million credit and debit card numbers from five companies. The indictment alleges the men conspired to condu... News | 18 Aug 2009
-
InfoStretch utilizes Automation Anywhere for automated testing
Cost was InfoStretch's main hurdle to automating testing. This case study reveals how InfoStretch got affordable automated regression testing using Automation Anywhere. Automation Anywhere has a powerful protocol for deciphering diverse code types, i... Article | 24 Jul 2009
-
Adobe ColdFusion websites being compromised
Adobe Systems Inc. is warning users of its ColdFusion application development platform of a vulnerability being actively targeted by attackers to compromise websites. A zero-day vulnerability in the ColdFusion FCKeditor rich text editor enables users ... News | 07 Jul 2009
- See More: News on Software Security Testing Tools
-
Application security: Testing for insecure file references
Insecure file references are considered a significant security risk of Web applications. In this tip, security expert John Overbaugh explains this attack and gives instructions on how you can test for and detect this vulnerability. Tip
-
Boost network security using firewalls, encryption and logging
Which is more important, network or application security? Well, the answer, of course, is both. In this first part of a two-part series, security engineer John Overbaugh starts by describing the differences between network and application security, a... Tip
-
Application security: Protecting application availability, data confidentiality and integrity
Network security and application security are both important in keeping your applications safe from hackers. In this tip, security engineer John Overbaugh focuses on application security, which is needed to protect the confidentiality, availability a... Tip
-
Embedded software test: Attack of the killer robots
Embedded software can be found in all devices from planes to pacemakers, but how do we test this kind of software? What are the differences between testing embedded software and traditional application software? In this tip, site editor Yvette Franci... Tip
-
Application security hardening for mobile and embedded software
With the increasing number of mobile devices and application downloads by consumers, application security is becoming more important than ever. In this tip, application hardening tools and the use of obfuscation is discussed. Industry analysts talk a... Tip
-
Security ALM: Testing throughout the software application lifecycle
One of the most important aspects of software development today is writing secure software. Yet, for most IT organizations, security testing is introduced too late in the cycle to be of any help. Security expert John Overbaugh shares his experiences ... Tip
-
Hacking For Dummies: Hacking Methodologies, Chapter 4
Kevin Beaver teaches the steps for successful ethical hacking, gleaning information about your organization from the Internet, scanning your network and how to look for vulnerabilities. Tools and techniques for ethical hacking are described throughou... Tip
-
Building solid security requirements
Security expert Kevin Beaver describes the steps required to build solid security requirements. Beaver walks through key questions that must be asked to ensure both business and technical needs are considered. Tip
-
Tutorial: Installing and running Selenium-RC in Perl
Used in conjunction with Selenium's online tutorials, this tip will provide additional guidance on how to start out with Selenium RC in Perl regardless of your platform or server. Once you have Selenium set up, this tip explains how to create and run... Tip
-
Beefing up SSL to ensure your applications are locked down
Even though SSL is an aged technology, most Web-related fears should lie elsewhere, says an expert. This tip explores where the real compromises are in Web security whether it is compliance issues, older SSL versions, cookies or weak encryption ciphe... Tip
- See More: Tips on Software Security Testing Tools
-
Social media in business: Security versus function
ALM expert Kevin Parker discusses the importance of security and offers some tips to business leaders in this response. Answer
-
Save time and trouble: Conduct security testing before production
Expert John Overbaugh provides insights into why conducting security testing early in the lifecycle is important, and explains what to test for and when. Answer
-
Security tools and application lifecycle management
Security and security tools have become more necessary to the application lifecycle, according to recent research. In this response, expert John Overbaugh discusses why security tools are essential to ALM and explains how he sees security activities ... Answer
-
Security tester roles in secure development lifecycle (SDL)
Some people may be surprised to learn that security testers are integral to nearly every phase of the secure development lifecycle. Answer
-
Strategies for ensuring embedded software security
All software developers have ongoing challenges with application security, and embedded software is no exception. What steps can be taken to protect embedded software applications? Answer
-
What does "security testing" of my application actually mean?
What does a manager mean by "security testing"? In this response, expert Pete Walen offers insights into the broad category of application security testing and also recommends asking for clarification about the needs for your specific project. Answer
-
When are security testing tools classified as ALM tools?
Application security testing tools can sometimes be considered part of the ALM tool set, and sometimes they fall under the category of the security management process. Read this expert response to learn how Mike Jones distinguishes different security... Answer
-
How to best security test your applications: Collaboration and outsourcing
Security testing is an important factor in the application development process, and fortunately there are specialists who work to ensure that applications are as secure as possible. However, it can be difficult to know when it is necessary to outsour... Answer
-
Penetration testing and other security testing techniques
It can be hard to keep pace with the various types of security testing required in today's complex and often dangerous Web environment. In this response, expert John Overbaugh explains some of the most common and necessary security testing techniques... Answer
-
Security requirements for any Web application
When verifying security on your Web application, there are some general considerations that everyone should check off the list. Expert John Overbaugh offers insight into application security standards and steps your team can take while developing you... Answer
- See More: Expert Advice on Software Security Testing Tools
-
static verification
Static verification is the set of processes that analyze code to ensure defined coding practices are being followed, without executing the application itself. Word
-
pen test (penetration testing)
Penetration testing (also called pen testing) is a tool for testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. Word
-
WebGoat: password weakness issues, basic application hacking concerns
Expert Kevin Beaver shows testers how basic application oversights can cost them dearly in this lesson on password weakness and basic hacking. Video
-
Webgoat Tutorial
Expert Kevin Beaver demonstrates some of the power and versatility of free online testing tool Webgoat. Video
-
Securing rich internet and Web 2.0 applications
Security expert Kevin Beaver discusses securing rich internet and Web 2.0 applications, part of a multimedia security reference guide. Video
-
Black, gray and white box testing explained -- Podcast
Security is critical when operating a Web application. Black, gray and white box tests are three tests you can conduct to ensure an attacker can't get to your application. In this podcast, Jennette Mullaney refers to information from Dan Cornell, pri... Podcast
-
- See More: All on Software Security Testing Tools
About Software Security Testing Tools
Tools for software security testing, also called penetration testing, vary depending on the application under test and the type of security test being performed. Black box testing techniques are those in which the software's internals and architecture are unknown to the tester. Technologies incorporated into tools for black box security testing include fuzzing, syntax testing and test scaffolding. Web security testing comes with its own set of specific considerations, and there are many tools designed specifically to address Web-based application vulnerabilities.