Evaluate

Software Project Management

• Agile for data warehousing and business intelligence applications

  Find out how development of business intelligence and data warehousing applications differ from traditional application development, and how Agile principles and techniques can still be applied. Continue Reading

• Security tools and application lifecycle management

  Security and security tools have become more necessary to the application lifecycle, according to recent research. In this response, expert John Overbaugh discusses why security tools are essential to ALM and explains how he sees security activities... Continue Reading

• Tools and techniques for tracking changes to software requirements

  In this tip, requirements expert Sue Burk explains different techniques and tools that can be used to track changes to the requirement itself as well as changes to the attributes of the requirement. Continue Reading

• APM tools: Applying automated testing earlier in the development lifecycle

  ALM expert Kevin Parker advocates for the use of application performance monitoring tools earlier in the development lifecycle, in concert with earlier automated testing. Read this response for his take on the uses of APM tools. Continue Reading

• Types of performance testing for Web applications

  In this response, expert Pete Walen describes performance testing approaches that can steer your team in the right direction to enhance performance and avoid failures. Continue Reading

• Tools and processes for embedded software testing

  Many people are buzzing about embedded software these days, and this complex technology raises questions about platform, testing and quality. In this expert response, Pete Walen discusses his experience with testing embedded software and the tools ...Continue Reading

• Managing change requests to your application

  In this tip, we look at end user requests, and the process to prioritize the requests for IT, so they know where to focus their work efforts.Continue Reading

• Application security: Protecting application availability, data confidentiality and integrity

  Network security and application security are both important in keeping your applications safe from hackers. In this tip, security engineer John Overbaugh focuses on application security, which is needed to protect the confidentiality, availability ...Continue Reading

• Security requirements for any Web application

  When verifying security on your Web application, there are some general considerations that everyone should check off the list. Expert John Overbaugh offers insight into application security standards and steps your team can take while developing ...Continue Reading

• Agile ALM tools: How they differ from traditional lifecycle management tools

  Software consultant Nari Kannan describes the differences between agile application lifecycle management (ALM) tools and traditional lifecycle management software. Agile ALM tools are more tightly integrated, easier to use, supportive to distributed...Continue Reading

• Specialized testing for your enterprise application

  In this tip, Judith Myerson describes examples of five types of testing for your enterprise applications: cloud testing, user acceptance testing, modular testing, agile testing and incremental testing. Myerson gives a brief overview of each type of ...Continue Reading

• Performance testing of ERP applications: How to ensure Scrum teams have needed expertise

  Performance testing is a vital aspect of software development and ideally should occur throughout the development process. In this expert response, Lisa Crispin discusses how to best match performance testing expertise on the Scrum team with the ...Continue Reading

• Tools that generate test cases from software requirements

  In this expert response, requirements expert Robin Goldsmith gives examples of a variety of tools, including tools based on use cases, state analysis tools, and all pairs tools, which generate test cases from software requirements. He also explains ...Continue Reading

• Understanding application lifecycle management's complex identity

  Application lifecycle management seems to take a cue from a "Scooby Doo" villain. Once you think you know what it is, it pulls off its mask and reveals itself as something else. Is ALM a development process? A project management tool? A bunch of ...Continue Reading

• Security ALM: Testing throughout the software application lifecycle

  One of the most important aspects of software development today is writing secure software. Yet, for most IT organizations, security testing is introduced too late in the cycle to be of any help. Security expert John Overbaugh shares his experiences...Continue Reading

• How to regression test Web-based applications

  Software test consultant John Overbaugh gives some helpful advice about regression testing Web-based applications. Overbaugh describes regression testing browser platforms and how to test for backwards compatibility.Continue Reading

• What exactly is an ALM tool?

  Application lifecycle management expert Mike Jones explains the characteristics of tools for ALM. Jones talks about the concept of an ALM framework which is concerned with both the processes and the tools needed in the lifecycle, and clarifies some...Continue Reading

• Special considerations for testing applications using Right to Left languages (RTL)

  When testing user interface (UI) components of an application that uses a right to left language (RTL), there are special considerations. Software test expert Karen Johnson explains what to look for in dropdown fields, scrollbars, data entry fields,...Continue Reading

• Application lifecycle management: Industry roles and responsibilities

  The concept of application lifecycle management (ALM) comprises process, tools and people. This 3 part series delves into the roles and responsibilities in a development team and effective communication best practices.Continue Reading

• Tutorial: Introducing Selenium IDE, an open source automation testing tool

  Selenium, an open source automation testing tool, offers an Integrated Development Environment (IDE) plug-in that unifies the tool with desirable Web browser-based test features. Using Selenium IDE provides easy-to-use record and play back features,...Continue Reading

• When to start testing application performance in an Agile development environment

  There are multiple ways performance testing can be handled on an Agile team. An expert describes the benefits of various approaches.Continue Reading

• Six tours for exploratory testing the business district of your application

  Exploratory testing is sometimes thought to be "directionless testing", but James Whitaker's new book suggests that exploratory testing, is more structured than it is credited for. Exploratory testing is filled with numerous tours or testing ...Continue Reading

• Software project manager perspective: The components of successful application development

  Software development, much like manufacturing is drastically changing. In order to stay on top, project managers need to accept and adapt to change. This chapter provides focus areas for PMs to make good use of such as, risks, cost, complexity, ...Continue Reading

• Why use POST vs. GET to keep applications secure

  Although POST and GET HTTP requests essentially perform the same command on a Web server, a security expert says there are inherent dangers in using one over the other. Learn why one type of processing request provides more security for your Web ...Continue Reading

• Nine ways to evaluate automated software testing tools

  Evaluate automated software testing tools more thoroughly with these tips for analyzing cost, support, total cost of ownership, usability and more. This tip suggests questions to ask about each attribute of a tool and a vendor's support for it.Continue Reading

• Testing SMS texting applications: Key steps and considerations

  A software testing expert describes approaches to testing SMS texting applications. She looks at how SMS testing changes perceptions of everyday texting, and explains key steps in the SMS testing process.Continue Reading

• How to evaluate, choose software requirements tools

  Learn how to choose the right requirements tool for your organization with a series of steps that consider process, users and tasks. Some basic questions at the beginning of the tool selection process can lead to a well-informed decision. This tip ...Continue Reading

• Free Web proxy security tools software testers should get to know

  Learn how to choose and use free Web proxy tools like BurpProxy, Paros Proxy and WebScarab to boost rich Internet applications' security. Screen shots and directions show ways to use tools for application security in this tip by security expert ...Continue Reading

• Performance testing tools- Commercial, less expensive and free

  Finding affordable, quality performance testing tools is a major concern in the software industry. This expert tip sheds light on some of the most reputable cost effective ones.Continue Reading

• Data warehouse/BI performance testing tool recommendations

  Expert selects preferred performance testing tools for data warehouse/BI software testing needs.Continue Reading

• Demo: Using WebGoat, a free software testing tool

  This expert video tutorial developed by Kevin Beaver will teach you how to use Webgoat his most recommended free online testing tool. This is the answer for those users, testers and QA pros that always ask our experts about free software and Web 2.0...Continue Reading

• Rich Internet applications security testing checklist

  Fix common RIA and Web 2.0 application problems typically caused by Ajax, Flash and other technologies with these tips. Software expert Kevin Beaver explains why add-ons, plug-ins and multimedia features are causing more security flaws.Continue Reading

• Finding cross-site scripting (XSS) application flaws checklist

  Cross-site scripting (XSS) is a major concern, it can be unpredictable and requires multiple tools to test it . Expert Kevin Beaver sheds light on the history of XSS issues and recommends tools to prevent XSS application issues.Continue Reading

• Fixing web application performance troubleshooting problems

  Expert Michael Kelly gives advice to those suffering from poor performance traits by assisting in the selection of testing tools, tips and tricks.Continue Reading

• How to approach regression testing, selection of tools and frameworks

  Knowing where to start in conducting a regression test is crucial in off-the-shelf applications or personally-coded projects. Expert John Overbaugh describes regression tools and techniques.Continue Reading

• Essentials of static source code analysis for Web applications

  Running security analysis tools against your source code has been the cornerstone test method for years, but many do not understand the value of testing in this way, or the money it can save you.Continue Reading

• Choosing, using software, tools for a Testing Center of Excellence tutorial

  Lack of an overall test architecture can lead to product choices that may be effective in the short-term but lead to additional long-term costs or even replacement of a previously selected toolset. Learn what testing software and tool vendor your ...Continue Reading

• Test case preparation for a Web-based application

  Test case preparation is the setup work that prepares you to design and execute your tests. Learn what this preparation might entail for a Web-based app.Continue Reading

• Writing a software requirements specification (SRS) for a portal app

  An SRS describes the requirements of a software product -- what it must do in order to function as expected. The standard format is identical regardless of the software's use.Continue Reading

• When to use manual vs. automated software testing tools

  When does it make sense to use an automated software testing tool? When is automation a bad idea? Get detailed answers and expert advice on choosing automated versus manual testing tools.Continue Reading

• Web application security testing checklist

  Testing your Web application security is something that needs be taken seriously. The best way to be successful is to prepare in advance and know what to look for. Here's an essential elements checklist to help you get the most out of your Web ...Continue Reading

• Tools for performance testing a thick client using ODBC protocol

  What tools are available for performance testing on a thick client using ODBC? Are there any free open source tools?Continue Reading

• How to develop secure applications

  It's not enough to begin securing applications in the testing phase -- secure applications start with secure code.Continue Reading

• How to conduct performance, stress, load testing without tools

  Rarely should you have to conduct performance, stress, and load testing without tools. If you do, here are six techniques to use.Continue Reading

• How to test an application's scalability, performance

  To determine if your application can scale, you want to look at performance testing factors such as response time, load, mean time to failure, and performance tuning.Continue Reading

• Integrating application lifecycle management (ALM) processes provides additional benefits

  Dominic Tavassoli explains how you can benefit from integrating the five processes of application lifecycle management (ALM) -- requirements management, test management, configuration management, change management, and modeling.Continue Reading

• PCI DSS compliance: Web application firewalls (WAFs)

  Web application firewalls (WAFs) are one option for those seeking compliance with requirement 6.6 of the PCI DSS. The benefits, limitations and proper implementation of WAFs are discussed by security experts in this section.Continue Reading

• How to maintain, enhance legacy applications

  The challenge of maintaining legacy applications is in developing new functionality and enhancements, often without a clear understanding of how the system works. The good news is that products and approaches are emerging to help solve these ...Continue Reading

• Building automated tests for legacy applications

  Automating tests for legacy applications has benefits but may not always be practical. Expert Karen N. Johnson discusses the advantages of manual testing versus automated testing for legacy apps.Continue Reading

• Dynamic analysis tool from Coverity looks at concurrency defects

  Concurrent programs loom as a major developer and tester challenge as multicore processors grow in use. A dynamic analysis tool for Java from Coverity may automatically detect multithreading deadlocks and race conditions, while incurring low ...Continue Reading

• Getting started with Web application misuse cases

  When developing applications it isn't enough to think about how they will be used. You must also consider how they will be misused -- or abused -- so that you can prevent attacks. Kevin Beaver gives some examples of Web application weak spots that ...Continue Reading

• The essentials of Web application threat modeling

  A critical part of Web application security is mapping out what's at risk -- or threat modeling. Kevin Beaver outlines the essential steps to get you started and help you identify where your application vulnerabilities may be.Continue Reading

• The effectiveness of code coverage tools in software testing

  Coverage tools when run with the application under test will tell you how much code is covered by the executed test cases.Continue Reading

• How to thoroughly test a website without automated tools

  Manual website testing is a challenge, but that doesn't mean it can't be thorough. Expert Karen N. Johnson explains how to test a high-functioning website without automated technology.Continue Reading

• AccuRev software configuration management tool links to IBM's ClearCase

  Software configuration management tool AccuRev 4.6 for ClearCase allows for collaborative development between groups using ClearCase and AccuRev via bi-directional synchronization.Continue Reading

• Requirements gathering for payroll application

  Engineering requirements for a payroll or similar application demands careful consideration. Expert Rob Apmann explains how to approach this complicated task.Continue Reading

• Automated testing tools for a payment gateway

  Whether it is a Web service or a regular Web application, testing a payment gateway is far easier and more thorough when you know which tools to use. Expert Mike Kelly explains how to find the right testing tools.Continue Reading

• Web application hacking: Inside the mind of an attacker

  Want to prevent your Web application from being hacked? Then you need to think like an attacker. Kevin Beaver helps you change your mindset so you start to think about how people can misuse your application.Continue Reading

• Cracking passwords the Web application way

  Don't make the mistake of thinking your Web site is secure just because it uses SSL. If you don't have proper login controls in place, attackers can crack passwords and get into the application.Continue Reading

• Java application security features and measures

  Application security features are built in to the Java language. Expert Ramesh Nagappan explains how to take advantage of these features and several other simple measures to ensure Java application security.Continue Reading

• How to test a payment gateway on a Web application

  Testing a payment gateway is similar to testing other features; however, security testing plays an obviously important role. Expert John Overbaugh explains.Continue Reading

• SPML and SAML enhance application security in different ways

  Access control is a major application security issue and OASIS standards SPML and SAML provide authentication and authorization benefits. Expert Ramesh Nagappan explains how these standards work.Continue Reading

• Authentication and authorization for Web applications

  Web applications need robust authentication and authorization mechanisms. Expert Ramesh Nagappan explains what measures are needed before you deploy Web apps.Continue Reading

• The challenge of performance testing SOA applications

  Software testing and QA groups already pushed to the limit face even more challenges with SOA applications. Automation through modeling can help monitor and test such applications.Continue Reading

• ALM 2.0: Application lifecycle management changing to meet development organizations' needs

  The changing face of application lifecycle management (ALM) has application development organizations looking to tools and technologies that help them collaborate across functional silos, work across large geographic distances and work more ...Continue Reading

• Web application vulnerabilities you don't want to overlook

  When testing Web applications for security flaws, chances are you will miss some weaknesses. Here's a look at 10 commonly overlooked Web application vulnerabilities you can't afford to miss.Continue Reading

• How to evaluate testing software and tools

  Selecting the right testing software that meet's the testing organization's long-term and short-term goals can be challenging. But by following a few simple guidelines and using common sense, you can successfully implement the appropriate tool and ...Continue Reading

• Web application testing: The difference between black, gray and white box testing

  Security is critical when operating a Web application. Black, gray and white box tests are three tests you can conduct to ensure an attacker can't get to your application. Learn what the differences are in this tip from Denim Group's Dan Cornell.Continue Reading

• JAD (Joint Application Development)

  JAD (Joint Application Development) is a methodology that involves the client or end user in the design and development of an application, through a succession of collaborative workshops called JAD sessions.Continue Reading

• build tool

  A build tool is a programming utility that automates a software build task, such as ensuring that the proper source code files are compiled and that the proper object files are linked, after changes have been made to a program.Continue Reading

• Application threats: CSRF, injection attacks and cookie replay

  Web application exploits come in a variety of forms. There are a few that stand out: XSS, for example. But what about XSRF, which is only recently garnering the press is deserves? There are comparatively little resources for less famous exploits. ...Continue Reading

• Web Application Security Consortium (WASC)

  The Web Application Security Consortium (WASC) is a worldwide organization devoted to the establishment, refinement and promotion of Internet security standards.Continue Reading

• Obfuscation tools and application security

  Obfuscator tools are quite different from other application security tools. Expert Brad Arkin lays out the basics of code obfuscation.Continue Reading

• application firewall

  An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer... (Continued)Continue Reading

• Buffer overflow tools facilitate application testing

  Web applications are the conduit for buffer overflow attacks on the Web server. As such, it's imperative to make sure your applications cannot be exploited. These tools can help you out.Continue Reading

• Hacme Casino tool reveals online gaming vulnerabilities

  Foundstone's Hacme Casino shows some of the threats online gaming applications face and helps developers see how these issues may be present in their own code.Continue Reading

• Using fuzzer tools to find vulnerabilities

  Fuzzers are excellent tools for finding vulnerabilities in your software. They can be used legitimately by a developer or maliciously by a hacker. Expert Brad Arkin explains how to use fuzzers in order to enhance security.Continue Reading

• Input Validation Attacks -- Chapter 6, Hacking Exposed Web Applications, Second Edition

  Input validation routines serve as a first line of defense for a Web application. Buffer overflow, directory traversal, cross-site scripting and SQL injection are just a few of the attacks that can result from improper data validation. This chapter ...Continue Reading

• How standards and regulations affect application security

  Many standards and laws regulate security issues for companies. Often, however, what's expected is unclear -- especially when it comes to application security. But that is starting to change, as regulations begin including application security ...Continue Reading

• Five application security threats and how to counter them

  New threats emerge every day. In order to be secure, you must be able to identify the major threats and understand how to counter them. Here is a guide to the five most common and insidious threats to applications -– and what you can do about ...Continue Reading

• Myth-busting Web application buffer overflows

  If someone managed to exploit a buffer overflow in a Web application, it would result in a critical situation. But the chance of that happening to a custom Web application is slim. Focus instead on cross-site scripting and SQL injection ...Continue Reading

• SOA requires enterprise application security integration architecture

  Web application security in SOA-based systems can be very difficult to achieve. This tip explains how to use authentication and authorization methods, such as JAAS and SAML, will help secure your Web services.Continue Reading

• How to Break Web Software: Functional and Security Testing of Web Applications and Web Services -- C

  Web application security is dependent on proper coding and session management, and Web application developers must take it upon themselves to code state information so they can enforce rules about page access and session management. This chapter ...Continue Reading

• Top 10 Web application security vulnerabilities

  Based on the Open Web Application Security Project's top 10 project, this guide covers the 10 most critical Web application security vulnerabilities and how to protect your applications.Continue Reading

• OWASP Guide to Building Secure Web Applications and Web Services, Chapter 9: Authentication

  Secure authentication methods for Web applications are discussed in this chapter of the OWASP Guide to Building Secure Web Applications and Web Services. Java and .NET are both covered. SAML, biometrics, SSL, forms-based authentication and other ...Continue Reading

• Data validation -- Chapter 12, OWASP Guide to Building Secure Web Applications and Web Services

  This section of the OWASP Guide to Building Secure Web Applications and Web Services will help you ensure applications are secure against all forms of input data. Techniques explained include data integrity checks, validation and business rule ...Continue Reading

• OWASP Guide to Building Secure Web Applications and Web Services, Chapter 13: Interpreter Injection

  Web applications are vulnerable to a barrage of injection attacks, such as SQL injection and XSS. This chapter from OWASP explains how to secure your Web services against injection exploits.Continue Reading

• OWASP Guide to Building Secure Web Applications and Web Services, Chapter 11: Session Management

  In this section of the OWASP Guide to Building Secure Web Applications and Web Service you'll learn how to ensure authenticated users have a secure association with their session, enforce authorization checks and prevent common Web attacks.Continue Reading