Home > Software Quality Tips > Application Security Strategies > Eight reasons to do source code analysis on your Web application
Software Quality Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

APPLICATION SECURITY STRATEGIES

Eight reasons to do source code analysis on your Web application


Kevin Beaver, CISSP
10.16.2007
Rating: -5.00- (out of 5)


Software quality news and advice
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


Given the visibility and vulnerabilities that make up many Web applications, I'm surprised to see that the underlying source code isn't being analyzed. Be it ignorance, lack of budget or anything in between, there's a lot that can come from performing this exercise in the name of reducing business risks.

Here are eight reasons for placing a higher priority analyzing the source code of your Web applications:



Arguably many businesses could benefit from certain financial gains as the result of growing the customer base, building trust and loyalty, and putting out more and more software. Those benefits come when they root out Web security problems where they often begin -- in the source code -- and create more secure and higher-quality software.

Consider giving source code analysis a whirl. Most tool vendors provide some sort of free trial of their p

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Application Security Strategies
Fixing four Web 2.0 input validation security mistakes
Social engineering training could disrupt botnet growth
Web security problems: Five ways to stop login weaknesses
Common mistakes in real-time Java programming
Preparing for testing applications in the cloud
The role of quality assurance (QA) pros in software security
Common software security risks and oversights
Using the Firefox Web Developer extension to find security flaws
Web application security testing checklist
How to develop secure applications

Software security testing and techniques
Fixing four Web 2.0 input validation security mistakes
Commonly-overlooked security flaws in rich Internet applications
Web security problems: Five ways to stop login weaknesses
10 steps to acing Web app security assessments
Hack maliciously to boost your software's security
Software Testing: How to know you're ready to start testing
Software security best practices: Roles developers must play
The role of quality assurance (QA) pros in software security
What is fuzz testing? What are some ways to use fuzz testing?
Software security: Removing insecurity from outsourced development

Source code analysis
Static analysis tool helps software engineers find bugs during builds
What to do after penetration testing: source code analysis
How static analysis can improve software security
Static Analysis as Part of the Code Review Process -- Chapter 3, Secure Programming with Static Analysis
How source code analysis improves application security
Source code analysis part of DoD's app security plan
Code analysis: Which tool is right for you?
Application security increased by static and dynamic code analysis

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


roducts. It won't hurt to at least try it out to see what's uncovered. It may end up being the best thing you do to improve software quality and minimize security risks for some time to come.

-----------------------------------------
About the author: Kevin Beaver is an independent information security consultant, speaker, and expert witness with Atlanta-based Principle Logic, LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around IT compliance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels series of audiobooks. Kevin can be reached at kbeaver@principlelogic.com.

Rate this Tip
To rate tips, you must be a member of SearchSoftwareQuality.com.
Register now to start rating these tips. Log in if you are already a member.




DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Software Design & Testing - Project Management
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts