Building security into the SDLC (software development life cycle)

  • October 15, 2007

    Wachovia banks on entitlement management for fine-grained application security

    Securent's Entitlement Management Solution helps Wachovia enforce fine-grained application security, restricting who can do what once inside an application. More than that, it relieves developers from having to develop and deploy custom access ...

  • September 06, 2007

    Ajax application security critical, experts warn

    While developers increasingly turn to Ajax to create applications, they're not including security controls, leaving those applications open to attack. Ajax experts Billy Hoffman and Bryan Sullivan explain what can be done to increase Ajax ...

  • August 02, 2007

    Web sites vulnerable to a new generation of attacks

    Web application security faces serious hurdles, experts warn. New attacks exploit XSS and CSRF vulnerabilities rampant among Web sites.

  • July 12, 2007

    Web application security market shifting

    IBM and HP have made moves to scoop up niche players in the nascent Web application security market. Analysts expect further consolidation, however, with big security vendors playing a role.

  • June 05, 2007

    How static analysis can improve software security

    Fortify's Brian Chess talks about his upcoming book, Secure Programming with Static Analysis, and progress that has been made toward making security part of the software development life cycle (SDLC).

  • May 30, 2007

    Product news from Blueprint, Codefast, Strangeloop and PreEmptive

    In this product update report, learn how Blueprint has overhauled the Profesy requirements tool, Codefast has teamed with Borland, Strangeloop Networks has announced tools that speed dynamic Web applications, and PreEmptive Solutions has released ...

  • May 25, 2007

    XSS leads OWASP's Top 10 for 2007

    OWASP says cross-site scripting (XSS) remains the "termite" of Web applications, while cross-site request forgery and cryptography emerge as serious problems.

  • May 15, 2007

    Application security shouldn't involve duct tape, Band-Aids or bubble gum

    By applying a multilayered approach to application security throughout the SDLC, software ships more securely, closer to the scheduled delivery date and closer to anticipated cost. How do you do that? Joe Basirico, a senior security trainer at ...

  • May 07, 2007

    Klocwork enhances static code analysis suite

    The Klocwork 7.7 static code analysis suite provides enhanced usability and expanded support for Visual Studio .NET C/C++ and IntelliJ IDEA for Java. The goal is to make application security easier for developers.

  • April 18, 2007

    Software security practices continue to lag

    More people understand the importance of software security, but many more still need to become aware. They also need education and training to ensure they're testing applications properly and securing those applications.

  • April 16, 2007

    Software testing tools to help integrate application security throughout the SDLC

    Watchfire makes it easier to integrate Web application security throughout the software development life cycle (SDLC) with its new application security testing tools -- AppScan 7.5 and AppScan QA.

  • March 26, 2007

    Application security the goal of initiatives from SANS and SPI Dynamics

    Educating programmers about application security is the focus of a campaign being launched by the SANS Institute and SPI Dynamics. A certification exam and workshops will be conducted as part of the campaign.

  • March 13, 2007

    SPI Dynamics revamps Web application security management tool

    SPI Dynamics has released a new version of its Web application security management tool, Assessment Management Platform (AMP). AMP 3.0, which assesses and manages application security risk across the enterprise and throughout the software ...

  • March 05, 2007

    Java secure, but developers introduce vulnerabilities, report finds

    Although Java has been found to be more secure than other languages, a report from Fortify Software's Java Open Review Project warns that developers may inadvertently introduce vulnerabilities into their own code by using the sample code and ...

  • January 29, 2007

    SPI Dynamics' WebInspect 7 designed to tackle evolving security threats

    With WebInspect 7, SPI Dynamics has created a security product re-engineered to handle the threats and vulnerabilities of Web 2.0.