Building security into the SDLC Software development life cycle

  • July 17, 2006

    Top attack methods against Web sites identified

    "Google" hacking and directed attacks such as SQL injection and cross-site scripting are the most dangerous attack methods Web sites face, according to a new study by Fortify Software.

  • July 11, 2006

    Helping Ajax developers prevent exploits

    Ajax security is increasingly important as attackers have set their sights on Ajax apps. Andrew van der Stock explained what risks developers need to be aware of in ...

  • July 06, 2006

    New chapter and verse on Ajax application security

    Web application security in Ajax is becoming an issue. Andrew van der Stock, who is heading the OWASP Guide project, spoke with about Ajax security and what risks developers need to be concerned about.

  • June 23, 2006

    Demystifying Java security -- Part 2

    Java application security is further explored in the second part of Ramesh Nagappan's Java security series. Part 2 concentrates on Java Web Start security, Java Extensible Security Architecture and APIs.

  • June 22, 2006

    Microsoft's new security boss envisions hands-on role

    Ben Fathi, the new face of Trustworthy Computing at Microsoft, expects to get more involved in security design and development.

  • June 21, 2006

    Demystifying Java security -- Part 1

    Java technology already has many security features built in. Sun's Ramesh Nagappan explores Java security in the first article of this two-part series. In Part 1, he concentrates on Java Runtime Environment, Java security management tools and Java ...

  • June 19, 2006

    Patch and protect: What to do if a security flaw is reported

    Your product has shipped, and now someone has reported a security vulnerability. What do you do now? David Coffey, principal security architect at McAfee Inc., explains what steps you should take.

  • June 14, 2006

    How things break: Securing your software

    Application security expert Gary McGraw says you need to put your black hats on and start thinking like bad guys if you want to have secure software.

  • June 12, 2006

    Security overhaul key to Microsoft's software success

    Through its Trusted Computing Initiative, Microsoft revamped its development lifecycle to produce more secure and reliable products. Steven B. Lipner, senior director of security engineering strategy at Microsoft, explains how the company did it and ...

  • June 08, 2006

    Want secure software? Break it first

    No software is perfect, but by thinking like a hacker you can better anticipate threats and create a more secure product.

  • May 25, 2006

    Twelve Java security traps and how to avoid them

    Java security isn't well understood, even by those who create Java applications. Fortify chief scientist Brian Chess describes common exploits that plague Java apps such as XSS, session hijacking and SQL injection.

  • May 18, 2006

    Sun, SAP help businesses comply with government, security policies

    Sun is teaming up with SAP to deliver an integrated software package that will help businesses maintain automated "continuous compliance" with both external government regulations and internal corporate security policies.

  • May 09, 2006

    Best practices for building software security into the SDLC

    Software security doesn't require completely changing your software development life cycle. Application security expert Gary McGraw, author of Software Security: Building Security In, talks about software security best practices that can be easily ...

  • May 01, 2006

    Application security defense in depth: Strategies to lock down your Web apps

    Web applications need a layered approach to tackling security. Most organizations have deployed this at the infrastructure level, but now experts say it's time to apply that approach to application security as well.

  • April 26, 2006

    IEEE flags security as software development life cycle requirement

    The IEEE has approved revisions to the IEEE P1074 standard, giving project leaders methodologies for incorporating application security throughout the software development life cycle (SDLC).