Evaluate
Weigh the pros and cons of technologies, products and projects you are considering.
Software Project Management
Requirements management process: Security and application performance
Organizations need to explicitly address security and application performance during the requirements management process according to expert Dan Cornell. Continue Reading
Agile metrics, tools and processes: Tenets for the project manager
The Agile project manager must understand the basics of collaboration, servant leadership, Agile metrics and the tools and processes the team uses. Continue Reading
APM in ALM: Keeping competitive by building the right apps
A wise step for many software development companies is to get a handle on the many applications in use and better plan and manage application and project portfolios. Continue Reading
APM processes: Determining apps’ business value
Application portfolio management aids decision makers in determining business ROI of applications. Continue Reading
Test automation tools for DevOps teams: What is needed?
ALM expert Kevin Parker recommends tools teams should take advantage of in DevOps, from a Release Vault to test automation tools. Continue Reading
Portfolio management and “end-to-end” ALM: What tools are needed?
Expert Kevin Parker advocates for the integration of the people, processes, tools and automation in the application development lifecycle in order to achieve effective portfolio management.Continue Reading
Agile ALM: Tools for release management
IT leaders and decision makers will benefit from this tip, written by Software Consultant Nari Kannan, about the problems and challenges in release management and the commercial and open source tools that address them.Continue Reading
Agile ALM: Automation tools for the application lifecycle
Software Consultant Nari Kannan offers CIOs insights about the different categories of ALM automation tools and identifies commercially available and open source options in each category.Continue Reading
Enhance mobile application performance with network testing
Learn how to ensure robust end-to-end testing of mobile applications and their superior performance.Continue Reading
Automation in your SDLC: Identifying vital ALM tools
Process-centric tools and dashboards are among the ALM trends identified by expert Kevin Parker. Here he discusses how these trends are now indispensable to automation in the SDLC.Continue Reading
Ten best collaboration tools for business and IT
Software consultant Nari Kannan writes about ten collaborative and social media tools you can leverage to make sure that IT is tuned in to the needs of business and delivers the needed results.Continue Reading
Cloud application performance management: Ten insights
Cloud application performance management (CAPM) is different from non-cloud application performance management in its nature and deployment. Software consultant Nari Kannan explains CAPM and how to choose the right tools for deploying your solution. Continue Reading
Continuous integration: Tools and trends
In this story, SSQ contributor Crystal Bedell describes the benefits of continuous integration, tools that are being used, and the trends for more mature continuous integration techniques: continuous deployment and continuous delivery.Continue Reading
Agile for data warehousing and business intelligence applications
Find out how development of business intelligence and data warehousing applications differ from traditional application development, and how Agile principles and techniques can still be applied.Continue Reading
Security tools and application lifecycle management
Security and security tools have become more necessary to the application lifecycle, according to recent research. In this response, expert John Overbaugh discusses why security tools are essential to ALM and explains how he sees security activities...Continue Reading
Tools and techniques for tracking changes to software requirements
In this tip, requirements expert Sue Burk explains different techniques and tools that can be used to track changes to the requirement itself as well as changes to the attributes of the requirement.Continue Reading
APM tools: Applying automated testing earlier in the development lifecycle
ALM expert Kevin Parker advocates for the use of application performance monitoring tools earlier in the development lifecycle, in concert with earlier automated testing. Read this response for his take on the uses of APM tools.Continue Reading
Types of performance testing for Web applications
In this response, expert Pete Walen describes performance testing approaches that can steer your team in the right direction to enhance performance and avoid failures.Continue Reading
Tools and processes for embedded software testing
Many people are buzzing about embedded software these days, and this complex technology raises questions about platform, testing and quality. In this expert response, Pete Walen discusses his experience with testing embedded software and the tools ...Continue Reading
Managing change requests to your application
In this tip, we look at end user requests, and the process to prioritize the requests for IT, so they know where to focus their work efforts.Continue Reading
Application security: Protecting application availability, data confidentiality and integrity
Network security and application security are both important in keeping your applications safe from hackers. In this tip, security engineer John Overbaugh focuses on application security, which is needed to protect the confidentiality, availability ...Continue Reading
Security requirements for any Web application
When verifying security on your Web application, there are some general considerations that everyone should check off the list. Expert John Overbaugh offers insight into application security standards and steps your team can take while developing ...Continue Reading
Agile ALM tools: How they differ from traditional lifecycle management tools
Software consultant Nari Kannan describes the differences between agile application lifecycle management (ALM) tools and traditional lifecycle management software. Agile ALM tools are more tightly integrated, easier to use, supportive to distributed...Continue Reading
Specialized testing for your enterprise application
In this tip, Judith Myerson describes examples of five types of testing for your enterprise applications: cloud testing, user acceptance testing, modular testing, agile testing and incremental testing. Myerson gives a brief overview of each type of ...Continue Reading
Performance testing of ERP applications: How to ensure Scrum teams have needed expertise
Performance testing is a vital aspect of software development and ideally should occur throughout the development process. In this expert response, Lisa Crispin discusses how to best match performance testing expertise on the Scrum team with the ...Continue Reading
Application development for mobile phones: Testing across different devices
New mobile phone models enter the market all the time, and it seems daunting to perform application testing on the various devices available. Expert Karen Johnson carefully examines the factors developers must consider and offers strategies on how ...Continue Reading
Understanding application lifecycle management's complex identity
Application lifecycle management seems to take a cue from a "Scooby Doo" villain. Once you think you know what it is, it pulls off its mask and reveals itself as something else. Is ALM a development process? A project management tool? A bunch of ...Continue Reading
Tools that generate test cases from software requirements
In this expert response, requirements expert Robin Goldsmith gives examples of a variety of tools, including tools based on use cases, state analysis tools, and all pairs tools, which generate test cases from software requirements. He also explains ...Continue Reading
Security ALM: Testing throughout the software application lifecycle
One of the most important aspects of software development today is writing secure software. Yet, for most IT organizations, security testing is introduced too late in the cycle to be of any help. Security expert John Overbaugh shares his experiences...Continue Reading
How to regression test Web-based applications
Software test consultant John Overbaugh gives some helpful advice about regression testing Web-based applications. Overbaugh describes regression testing browser platforms and how to test for backwards compatibility.Continue Reading
What exactly is an ALM tool?
Application lifecycle management expert Mike Jones explains the characteristics of tools for ALM. Jones talks about the concept of an ALM framework which is concerned with both the processes and the tools needed in the lifecycle, and clarifies some...Continue Reading
Special considerations for testing applications using Right to Left languages (RTL)
When testing user interface (UI) components of an application that uses a right to left language (RTL), there are special considerations. Software test expert Karen Johnson explains what to look for in dropdown fields, scrollbars, data entry fields,...Continue Reading
Application lifecycle management: Industry roles and responsibilities
The concept of application lifecycle management (ALM) comprises process, tools and people. This 3 part series delves into the roles and responsibilities in a development team and effective communication best practices.Continue Reading
Tutorial: Introducing Selenium IDE, an open source automation testing tool
Selenium, an open source automation testing tool, offers an Integrated Development Environment (IDE) plug-in that unifies the tool with desirable Web browser-based test features. Using Selenium IDE provides easy-to-use record and play back features,...Continue Reading
When to start testing application performance in an Agile development environment
There are multiple ways performance testing can be handled on an Agile team. An expert describes the benefits of various approaches.Continue Reading
Six tours for exploratory testing the business district of your application
Exploratory testing is sometimes thought to be "directionless testing", but James Whittaker's new book suggests that exploratory testing is more structured than it is credited for. Exploratory testing is filled with numerous tours or testing ...Continue Reading
Software project manager perspective: The components of successful application development
Software development, much like manufacturing, is drastically changing. In order to stay on top, project managers need to accept and adapt to change. This chapter provides focus areas for PMs to make good use of, such as risks, cost, complexity, ...Continue Reading
Why use POST vs. GET to keep applications secure
Although POST and GET HTTP requests essentially perform the same command on a Web server, a security expert says there are inherent dangers in using one over the other. Learn why one type of processing request provides more security for your Web ...Continue Reading
Nine ways to evaluate automated software testing tools
Evaluate automated software testing tools more thoroughly with these tips for analyzing cost, support, total cost of ownership, usability and more. This tip suggests questions to ask about each attribute of a tool and a vendor's support for it.Continue Reading
Testing SMS texting applications: Key steps and considerations
A software testing expert describes approaches to testing SMS texting applications. She looks at how SMS testing changes perceptions of everyday texting, and explains key steps in the SMS testing process.Continue Reading
How to evaluate, choose software requirements tools
Learn how to choose the right requirements tool for your organization with a series of steps that consider process, users and tasks. Some basic questions at the beginning of the tool selection process can lead to a well-informed decision. This tip ...Continue Reading
Free Web proxy security tools software testers should get to know
Learn how to choose and use free Web proxy tools like BurpProxy, Paros Proxy and WebScarab to boost rich Internet applications' security. Screen shots and directions show ways to use tools for application security in this tip by security expert ...Continue Reading
Performance testing tools: Commercial, less expensive and free
Finding affordable, quality performance testing tools is a major concern in the software industry. This expert tip sheds light on some of the most reputable cost-effective ones. Continue Reading
Data warehouse/BI performance testing tool recommendations
Expert selects preferred performance testing tools for data warehouse/BI software testing needs.Continue Reading
Demo: Using WebGoat, a free software testing tool
This expert video tutorial developed by Kevin Beaver will teach you how to use WebGoat, his most recommended free online testing tool. This is the answer for those users, testers and QA pros that always ask our experts about free software and Web 2.0...Continue Reading
Rich Internet applications security testing checklist
Fix common RIA and Web 2.0 application problems typically caused by Ajax, Flash and other technologies with these tips. Software expert Kevin Beaver explains why add-ons, plug-ins and multimedia features are causing more security flaws.Continue Reading
Finding cross-site scripting (XSS) application flaws checklist
Cross-site scripting (XSS) is a major concern: it can be unpredictable and requires multiple tools to test for it. Expert Kevin Beaver sheds light on the history of XSS issues and recommends tools to prevent XSS application issues. Continue Reading
Fixing web application performance troubleshooting problems
Expert Michael Kelly gives advice to those suffering from poor performance traits by assisting in the selection of testing tools, tips and tricks.Continue Reading
How to approach regression testing, selection of tools and frameworks
Knowing where to start in conducting a regression test is crucial in off-the-shelf applications or personally-coded projects. Expert John Overbaugh describes regression tools and techniques.Continue Reading
Essentials of static source code analysis for Web applications
Running security analysis tools against your source code has been the cornerstone test method for years, but many do not understand the value of testing in this way, or the money it can save you.Continue Reading
Choosing, using software, tools for a Testing Center of Excellence tutorial
Lack of an overall test architecture can lead to product choices that may be effective in the short-term but lead to additional long-term costs or even replacement of a previously selected toolset. Learn what testing software and tool vendor your ...Continue Reading
Test case preparation for a Web-based application
Test case preparation is the setup work that prepares you to design and execute your tests. Learn what this preparation might entail for a Web-based app.Continue Reading
Writing a software requirements specification (SRS) for a portal app
An SRS describes the requirements of a software product -- what it must do in order to function as expected. The standard format is identical regardless of the software's use.Continue Reading
When to use manual vs. automated software testing tools
When does it make sense to use an automated software testing tool? When is automation a bad idea? Get detailed answers and expert advice on choosing automated versus manual testing tools.Continue Reading
Web application security testing checklist
Testing your Web application security is something that needs to be taken seriously. The best way to be successful is to prepare in advance and know what to look for. Here's an essential elements checklist to help you get the most out of your Web ...Continue Reading
Tools for performance testing a thick client using ODBC protocol
What tools are available for performance testing on a thick client using ODBC? Are there any free open source tools?Continue Reading
How to develop secure applications
It's not enough to begin securing applications in the testing phase -- secure applications start with secure code.Continue Reading
How to conduct performance, stress, load testing without tools
Rarely should you have to conduct performance, stress, and load testing without tools. If you do, here are six techniques to use.Continue Reading
How to test an application's scalability, performance
To determine if your application can scale, you want to look at performance testing factors such as response time, load, mean time to failure, and performance tuning.Continue Reading
Integrating application lifecycle management (ALM) processes provides additional benefits
Dominic Tavassoli explains how you can benefit from integrating the five processes of application lifecycle management (ALM) -- requirements management, test management, configuration management, change management, and modeling.Continue Reading
PCI DSS compliance: Web application firewalls (WAFs)
Web application firewalls (WAFs) are one option for those seeking compliance with requirement 6.6 of the PCI DSS. The benefits, limitations and proper implementation of WAFs are discussed by security experts in this section.Continue Reading
How to maintain, enhance legacy applications
The challenge of maintaining legacy applications is in developing new functionality and enhancements, often without a clear understanding of how the system works. The good news is that products and approaches are emerging to help solve these ...Continue Reading
Building automated tests for legacy applications
Automating tests for legacy applications has benefits but may not always be practical. Expert Karen N. Johnson discusses the advantages of manual testing versus automated testing for legacy apps.Continue Reading
Dynamic analysis tool from Coverity looks at concurrency defects
Concurrent programs loom as a major developer and tester challenge as multicore processors grow in use. A dynamic analysis tool for Java from Coverity may automatically detect multithreading deadlocks and race conditions, while incurring low ...Continue Reading
Getting started with Web application misuse cases
When developing applications it isn't enough to think about how they will be used. You must also consider how they will be misused -- or abused -- so that you can prevent attacks. Kevin Beaver gives some examples of Web application weak spots that ...Continue Reading
The essentials of Web application threat modeling
A critical part of Web application security is mapping out what's at risk -- or threat modeling. Kevin Beaver outlines the essential steps to get you started and help you identify where your application vulnerabilities may be.Continue Reading
The effectiveness of code coverage tools in software testing
Coverage tools, when run with the application under test, will tell you how much code is covered by the executed test cases. Continue Reading
How to thoroughly test a website without automated tools
Manual website testing is a challenge, but that doesn't mean it can't be thorough. Expert Karen N. Johnson explains how to test a high-functioning website without automated technology.Continue Reading
AccuRev software configuration management tool links to IBM's ClearCase
Software configuration management tool AccuRev 4.6 for ClearCase allows for collaborative development between groups using ClearCase and AccuRev via bi-directional synchronization.Continue Reading
Requirements gathering for payroll application
Engineering requirements for a payroll or similar application demands careful consideration. Expert Rob Apmann explains how to approach this complicated task.Continue Reading
Automated testing tools for a payment gateway
Whether it is a Web service or a regular Web application, testing a payment gateway is far easier and more thorough when you know which tools to use. Expert Mike Kelly explains how to find the right testing tools.Continue Reading
Web application hacking: Inside the mind of an attacker
Want to prevent your Web application from being hacked? Then you need to think like an attacker. Kevin Beaver helps you change your mindset so you start to think about how people can misuse your application.Continue Reading
Cracking passwords the Web application way
Don't make the mistake of thinking your Web site is secure just because it uses SSL. If you don't have proper login controls in place, attackers can crack passwords and get into the application.Continue Reading
Java application security features and measures
Application security features are built in to the Java language. Expert Ramesh Nagappan explains how to take advantage of these features and several other simple measures to ensure Java application security.Continue Reading
How to test a payment gateway on a Web application
Testing a payment gateway is similar to testing other features; however, security testing plays an obviously important role. Expert John Overbaugh explains.Continue Reading
SPML and SAML enhance application security in different ways
Access control is a major application security issue and OASIS standards SPML and SAML provide authentication and authorization benefits. Expert Ramesh Nagappan explains how these standards work.Continue Reading
Authentication and authorization for Web applications
Web applications need robust authentication and authorization mechanisms. Expert Ramesh Nagappan explains what measures are needed before you deploy Web apps.Continue Reading
The challenge of performance testing SOA applications
Software testing and QA groups already pushed to the limit face even more challenges with SOA applications. Automation through modeling can help monitor and test such applications.Continue Reading
ALM 2.0: Application lifecycle management changing to meet development organizations' needs
The changing face of application lifecycle management (ALM) has application development organizations looking to tools and technologies that help them collaborate across functional silos, work across large geographic distances and work more ...Continue Reading
Web application vulnerabilities you don't want to overlook
When testing Web applications for security flaws, chances are you will miss some weaknesses. Here's a look at 10 commonly overlooked Web application vulnerabilities you can't afford to miss.Continue Reading
How to evaluate testing software and tools
Selecting the right testing software that meets the testing organization's long-term and short-term goals can be challenging. But by following a few simple guidelines and using common sense, you can successfully implement the appropriate tool and ...Continue Reading
Web application testing: The difference between black, gray and white box testing
Security is critical when operating a Web application. Black, gray and white box tests are three tests you can conduct to ensure an attacker can't get to your application. Learn what the differences are in this tip from Denim Group's Dan Cornell.Continue Reading
JAD (Joint Application Development)
JAD (Joint Application Development) is a methodology that involves the client or end user in the design and development of an application, through a succession of collaborative workshops called JAD sessions.Continue Reading
build tool
A build tool is a programming utility that automates a software build task, such as ensuring that the proper source code files are compiled and that the proper object files are linked, after changes have been made to a program.Continue Reading
Application threats: CSRF, injection attacks and cookie replay
Web application exploits come in a variety of forms. There are a few that stand out: XSS, for example. But what about XSRF, which is only recently garnering the press it deserves? There are comparatively few resources for less famous exploits. ...Continue Reading
Web Application Security Consortium (WASC)
The Web Application Security Consortium (WASC) is a worldwide organization devoted to the establishment, refinement and promotion of Internet security standards.Continue Reading
Obfuscation tools and application security
Obfuscator tools are quite different from other application security tools. Expert Brad Arkin lays out the basics of code obfuscation.Continue Reading
application firewall
An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer... (Continued)Continue Reading
Buffer overflow tools facilitate application testing
Web applications are the conduit for buffer overflow attacks on the Web server. As such, it's imperative to make sure your applications cannot be exploited. These tools can help you out.Continue Reading
Hacme Casino tool reveals online gaming vulnerabilities
Foundstone's Hacme Casino shows some of the threats online gaming applications face and helps developers see how these issues may be present in their own code.Continue Reading
Using fuzzer tools to find vulnerabilities
Fuzzers are excellent tools for finding vulnerabilities in your software. They can be used legitimately by a developer or maliciously by a hacker. Expert Brad Arkin explains how to use fuzzers in order to enhance security.Continue Reading
Input Validation Attacks -- Chapter 6, Hacking Exposed Web Applications, Second Edition
Input validation routines serve as a first line of defense for a Web application. Buffer overflow, directory traversal, cross-site scripting and SQL injection are just a few of the attacks that can result from improper data validation. This chapter ...Continue Reading
How standards and regulations affect application security
Many standards and laws regulate security issues for companies. Often, however, what's expected is unclear -- especially when it comes to application security. But that is starting to change, as regulations begin including application security ...Continue Reading
Five application security threats and how to counter them
New threats emerge every day. In order to be secure, you must be able to identify the major threats and understand how to counter them. Here is a guide to the five most common and insidious threats to applications -- and what you can do about ...Continue Reading
Myth-busting Web application buffer overflows
If someone managed to exploit a buffer overflow in a Web application, it would result in a critical situation. But the chance of that happening to a custom Web application is slim. Focus instead on cross-site scripting and SQL injection ...Continue Reading
SOA requires enterprise application security integration architecture
Web application security in SOA-based systems can be very difficult to achieve. This tip explains how using authentication and authorization methods, such as JAAS and SAML, will help secure your Web services. Continue Reading
How to Break Web Software: Functional and Security Testing of Web Applications and Web Services -- C
Web application security is dependent on proper coding and session management, and Web application developers must take it upon themselves to code state information so they can enforce rules about page access and session management. This chapter ...Continue Reading
Top 10 Web application security vulnerabilities
Based on the Open Web Application Security Project's top 10 project, this guide covers the 10 most critical Web application security vulnerabilities and how to protect your applications.Continue Reading
OWASP Guide to Building Secure Web Applications and Web Services, Chapter 9: Authentication
Secure authentication methods for Web applications are discussed in this chapter of the OWASP Guide to Building Secure Web Applications and Web Services. Java and .NET are both covered. SAML, biometrics, SSL, forms-based authentication and other ...Continue Reading
Data validation -- Chapter 12, OWASP Guide to Building Secure Web Applications and Web Services
This section of the OWASP Guide to Building Secure Web Applications and Web Services will help you ensure applications are secure against all forms of input data. Techniques explained include data integrity checks, validation and business rule ...Continue Reading