Building security into the SDLC (software development life cycle)
- July 17, 2006
"Google" hacking and directed attacks such as SQL injection and cross-site scripting are the most dangerous attack methods Web sites face, according to a new study by Fortify Software.
- July 11, 2006
Ajax security is increasingly important as attackers have set their sights on Ajax apps. Andrew van der Stock explained what risks developers need to be aware of in ...
- July 06, 2006
Web application security in Ajax is becoming an issue. Andrew van der Stock, who is heading the OWASP Guide project, spoke with SearchSoftwareQuality.com about Ajax security and what risks developers need to be concerned about.
- June 23, 2006
Java application security is further explored in the second part of Ramesh Nagappan's Java security series. Part 2 concentrates on Java Web Start security, Java Extensible Security Architecture and APIs.
- June 22, 2006
Ben Fathi, the new face of Trustworthy Computing at Microsoft, expects to get more involved in security design and development.
- June 21, 2006
Java technology already has many security features built in. Sun's Ramesh Nagappan explores Java security in the first article of this two-part series. In Part 1, he concentrates on Java Runtime Environment, Java security management tools and Java ...
- June 19, 2006
Your product has shipped, and now someone has reported a security vulnerability. What do you do now? David Coffey, principal security architect at McAfee Inc., explains what steps you should take.
- June 14, 2006
Application security expert Gary McGraw says you need to put your black hats on and start thinking like bad guys if you want to have secure software.
- June 12, 2006
Through its Trusted Computing Initiative, Microsoft revamped its development lifecycle to produce more secure and reliable products. Steven B. Lipner, senior director of security engineering strategy at Microsoft, explains how the company did it and ...
- June 08, 2006
No software is perfect, but by thinking like a hacker you can better anticipate threats and create a more secure product.
- May 25, 2006
Java security isn't well understood, even by those who create Java applications. Fortify chief scientist Brian Chess describes common exploits that plague Java apps such as XSS, session hijacking and SQL injection.
- May 18, 2006
Sun is teaming up with SAP to deliver an integrated software package that will help businesses maintain automated "continuous compliance" with both external government regulations and internal corporate security policies.
- May 09, 2006
Software security doesn't require completely changing your software development life cycle. Application security expert Gary McGraw, author of Software Security: Building Security In, talks about software security best practices that can be easily ...
- May 01, 2006
Web applications need a layered approach to tackling security. Most organizations have deployed this at the infrastructure level, but now experts say it's time to apply that approach to application security as well.
- April 26, 2006
The IEEE has approved revisions to the IEEE P1074 standard, giving project leaders methodologies for incorporating application security throughout the software development life cycle (SDLC).