An application security guide for software testers
This guide explains what's involved in addressing application security from a software tester's perspective by presenting common threats and strategies to deal with them. Tutorial
-
A software tester's application security guide
This application security testing guide is custom tailored to fit the needs of software quality professionals and application testers. App Security Tutorial
-
Security lesson: Beating web application security threats
Explore the importance of Web application testing processes and find suggestions on best practices with a webcast on scanning and testing Web application security, a podcast on security testing and a tip on Web application best practices in this less... Tutorial
-
Security lesson: How to test for common security defects
In this security defects lesson, information security expert Kevin Beaver explores the underlying causes of gaps in the software testing process and offers suggestions on what can be done to fix this problem once and for all. Tutorial
-
Common software security oversights school
Common software security oversights can cause weaknesses you cannot afford to overlook. Kevin Beaver will share with you just what you need to know in order to find the most Web security vulnerabilities that are important in your environment and spe... Tutorial
-
Full Spectrum of soapUI for open source software testing: Tutorial
In this four-part series on soapUI, learn tips and tricks to perform a number of different software testing operations using this widely-accepted open source tool. Tutorial
-
SearchSoftwareQuality.com Editorial Advisory Board
Meet the members of SearchSoftwareQuality.com's advisory board. Our advisory board members are leaders in the software industry, providing expertise and guidance to SearchSoftwareQuality.com's editorial team so we can better serve our readers and the... Advisory Board
-
PCI DSS compliance: Code review
Code review is a broad security concept and those looking at this option for compliance will find plenty of expert information on the types of code review in this section of the guide. Learning Guide
-
Web application security and the PCI DSS
Software security should be integrated into the software development lifecycle at every phase. While the PCI DSS doesn't account for all of this, here are some tips to get you started on a holistic approach toward security. Learning Guide
-
Know-IT-All Chapter Quiz: Professional VB 2005, Chapter 13: Security in the .NET Framework 2.0
Think you know all there is about using the security features in .NET Framework 2.0? We challenge you to test your skills by taking our latest quiz. Share the results with us and get a chance to win a copy of Professional VB 2005 written by Bi... Quiz
-
Software test plan 2013: Keynote speakers cite top trends
At STP 2013, keynote speakers weighed in on software test plans to work towards in the coming year. News | 26 Apr 2013
-
Top ten mobile application threats to enterprise security
Check out the top ten threats presented by enterprise mobile applications, according to the OWASP Mobile Security Project. Photo Story | 19 Feb 2013
-
Application security: Frameworks enforce secure coding
Application security experts say frameworks that enforce secure coding provide a better way for developers to write apps that can withstand attacks. News | 26 Nov 2012
-
Mobile embedded applications: Seven testing challenges
Mobile embedded applications are vulnerable to attack and subject to compliance mandates, and require more robust testing practices than other apps. News | 19 Nov 2012
-
ThreadFix: Open source defect management tool speeds security vulnerability fixes
Security and development teams can share a common defect management tool with ThreadFix, Denim Group's new open source security tool. News | 17 Sep 2012
-
STAREAST: An interview about Test Centers of Excellence with Tom Delmonte
What exactly is a Test Center of Excellence (TCoE) and how do quality organizations go about putting one together? In this interview with STAREAST presenter and quality advocate Tom Delmonte, we find out more about TCoEs and how they can be effective... News | 27 Apr 2011
-
STAREAST: Software testing with fuzzing and fault modeling -- Interview with Shmuel Gershon
The real world isn't always like a test environment. How do we test for the unexpected problems such as system faults or malicious attacks? SSQ contributor Matt Heusser talks to Shmuel Gershon, presenter at STAREAST with a talk titled, "Fuzzing and F... News | 20 Apr 2011
-
Movers and shakers in the Software testing arena
Changes, progression and choices in the software testing tool market are practically endless. Join software consultant Theresa Lanowitz as she explores major and minor league players in the testing tool market. Article | 27 Aug 2010
-
Coverity 5 aims to discover and destroy software bugs
Coverity recently announced the fifth rendition of its bug tracking, reporting and elimination tool. This new version aids testers with improved usability features and updated tracking, detection and defect deletion metrics. News | 30 Jun 2010
-
Why you don't need to buy a testing tool, except when you do
Software application testing expert explains proper software testing tool selection, what to look for in tools, vendors and customer service, when you need a tool and when you can get by without one. News | 12 Jan 2010
-
Tips for database testing from the cloud
What is database testing and how is it important to your application and the company? Get tips to effectively test when data is hosted in the cloud. Tip
-
Hybrid security: Beyond pen testing and static analysis
Securing an application's attack surface takes more than pen testing and code analysis. Kevin Beaver explains the hybrid security analysis approach. Tip
-
Fing and Metasploit: Open source security testing
Fing and Metasploit help QA pros find security flaws. Testing expert Matt Heusser explains how to use these open source tools. Tip
-
Medical apps: Focus on security-testing the user interface
To boost the security of medical apps, conduct 'attack' testing from the user interface. QA expert Amy Reichert explains how. Tip
-
Ten steps to better application security testing strategies
Address app testing strategy concerns at each stage of the application lifecycle and learn about tools and techniques to boost security. Tip
-
Security testing for unvalidated redirects and forwards
Security expert John Overbaugh gives security testers the information they need in order to ensure the Web application code that they’re responsible for is protected. Tip
-
Application security: Testing for insecure file references
Insecure file references are considered a significant security risk of Web applications. In this tip, security expert John Overbaugh explains this attack and gives instructions on how you can test for and detect this vulnerability. Tip
-
Application security: Protecting application availability, data confidentiality and integrity
Network security and application security are both important in keeping your applications safe from hackers. In this tip, security engineer John Overbaugh focuses on application security, which is needed to protect the confidentiality, availability a... Tip
-
Boost network security using firewalls, encryption and logging
Which is more important, network or application security? Well, the answer, of course, is both. In this first part of a two-part series, security engineer John Overbaugh starts by describing the differences between network and application security, a... Tip
-
Embedded software test: Attack of the killer robots
Embedded software can be found in all devices from planes to pacemakers, but how do we test this kind of software? What are the differences between testing embedded software and traditional application software? In this tip, site editor Yvette Franci... Tip
-
Social media in business: Security versus function
ALM expert Kevin Parker discusses the importance of security and offers some tips to business leaders in this response. Answer
-
Save time and trouble: Conduct security testing before production
Expert John Overbaugh provides insights into why conducting security testing early in the lifecycle is important, and explains what to test for and when. Answer
-
Security tools and application lifecycle management
Security and security tools have become more necessary to the application lifecycle, according to recent research. In this response, expert John Overbaugh discusses why security tools are essential to ALM and explains how he sees security activities ... Answer
-
Security tester roles in secure development lifecycle (SDL)
Some people may be surprised to learn that security testers are integral to nearly every phase of the secure development lifecycle. Answer
-
Strategies for ensuring embedded software security
All software developers have ongoing challenges with application security, and embedded software is no exception. What steps can be taken to protect embedded software applications? Answer
-
What does "security testing" of my application actually mean?
What does a manager mean by "security testing"? In this response, expert Pete Walen offers insights into the broad category of application security testing and also recommends asking for clarification about the needs for your specific project. Answer
-
When are security testing tools classified as ALM tools?
Application security testing tools can sometimes be considered part of the ALM tool set, and sometimes they fall under the category of the security management process. Read this expert response to learn how Mike Jones distinguishes different security... Answer
-
How to best security test your applications: Collaboration and outsourcing
Security testing is an important factor in the application development process, and fortunately there are specialists who work to ensure that applications are as secure as possible. However, it can be difficult to know when it is necessary to outsour... Answer
-
Penetration testing and other security testing techniques
It can be hard to keep pace with the various types of security testing required in today's complex and often dangerous Web environment. In this response, expert John Overbaugh explains some of the most common and necessary security testing techniques... Answer
-
Security requirements for any Web application
When verifying security on your Web application, there are some general considerations that everyone should check off the list. Expert John Overbaugh offers insight into application security standards and steps your team can take while developing you... Answer
-
pen test (penetration testing)
Penetration testing (also called pen testing) is a tool for testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. (Continued) Definition
-
static verification
Static verification is the set of processes that analyzes code to ensure defined coding practices are being followed, without executing the application itself. Definition
-
Top ten threats to mobile enterprise security
OWASP's list of the top ten mobile security risks sheds light on mobile enterprise security concerns that all mobile app testers should be aware of. Photo Story
-
WebGoat: password weakness issues, basic application hacking concerns
Expert Kevin Beaver shows testers how basic application oversights can cost them dearly in this lesson on password weakness and basic hacking. Video
-
Webgoat Tutorial
Expert Kevin Beaver demonstrates some of the power and versatility of free online testing tool Webgoat. Video
-
Securing rich internet and Web 2.0 applications
Security expert Kevin Beaver discusses securing rich internet and Web 2.0 applications, part of a multimedia security reference guide. Video
-
Black, gray and white box testing explained -- Podcast
Security is critical when operating a Web application. Black, gray and white box tests are three tests you can conduct to ensure an attacker can't get to your application. In this podcast, Jennette Mullaney refers to information from Dan Cornell, pri... Podcast
About Software Security Testing Tools
Tools for software security testing, also called penetration testing, can vary depending on the application under test and the type of security test being performed. Black box testing technologies are those in which the software internals and architecture are unknown. Technologies incorporated into tools for security black box testing include fuzzing, syntax testing and test scaffolding. Web security testing comes with its own set of specific considerations, and there are many tools designed specifically to address Web-based application vulnerabilities.