Building security into the SDLC Software development life cycle

  • April 14, 2006

    Sun and Nokia demo service-oriented identity

    The Liberty Enhanced Client Profile specification attempts to bring SAML 2.0 identity standards to Web services running on client devices.

  • April 11, 2006

    Watchfire introduces managed services for assessing security vulnerabilities

    AppScan OnDemand services are designed to lower TCO and help organizations keep up with testing frequently changing Web applications.

  • April 06, 2006

    Java developers can't afford to ignore application security

    For many Java developers, application security has not been addressed much. That changed last week as a panel of application security experts tackled Java security in the SDLC at TheServerSide Java Symposium in Las Vegas.

  • April 03, 2006

    Application design critical to improving security

    Users think if they use security solutions, like firewalls and intrusion prevention systems, they can do dangerous things and still be safe. Security expert Marcus J. Ranum, chief of security at Tenable Security Inc. and inventor of the proxy ...

  • March 29, 2006

    Cenzic names top five Web app vulnerabilities from February

    Cenzic's Intelligent Analysis (CIA) research lab recently named the top five most serious Web application vulnerabilities for the month of February. The company's top five list includes vulnerabilities in many of today's most widely used business ...

  • March 23, 2006

    Web application security for the most vulnerable layer

    Web application security was one of the themes at Boston's SecureWorld, but both security tools vendors and attendees stress more education is needed among developers.

  • March 13, 2006

    Baking security into the SDLC better than bolting on later

    Application security expert Dr. Herbert H. Thompson says making security part of the software development life cycle (SDLC) reduces risk and provides strategic advantage. In the second part of a two-part interview, Thompson, chief security ...

  • March 08, 2006

    Software buyers forcing changes in application security

    Application security expert Dr. Herbert H. Thompson says the convergence of regulatory demands for application security with an increasingly security-savvy software buyer is driving a serious impetus for change. In this first part of a two-part ...

  • March 01, 2006

    Threat modeling key to pro-active security

    The best way to ensure software is secure is to build security into the software development life cycle, industry experts say. Design-time threat modeling is pivotal, but it needs to be constrained by an understanding of the business risks involved.

  • March 01, 2006

    Metrics needed to guide application security decisions

    Recently launched Application Security Industry Consortium aims to give companies and their developers the information they need to select secure software and ensure products meet their business goals.

  • February 21, 2006

    Want secure software? Think like an attacker

    Automated tools have their role in securing applications, but you can't rely on them totally. You also need skilled people to help identify vulnerabilities throughout the development lifecycle.

  • February 01, 2006

    Web application firewalls critical for application security

    Web application firewalls provide essential protection against application attacks. The question is, how do you decide which firewall is right for you? The Web Application Firewall Evaluation Criteria can help you decide.

  • January 19, 2006

    Build security into the SDLC and keep the bad guys out

    Secure application development requires a constant balancing act between functional requirements and business drivers, deadlines and limited resources, and risk and flexibility. Success comes to organizations that build security into all phases of ...

  • January 16, 2006

    Incorporation of security in development lifecycle a sea change

    Top security expert Howard Schmidt has viewed IT security from nearly every angle -- from the private sector at eBay and Microsoft, where he co-founded Microsoft's Trustworthy Computer Security Strategies Group, and from the government side, where ...

  • January 10, 2006

    Build accountability for security into the development process

    Top security expert Howard Schmidt has viewed IT security from nearly every angle. He was once vice president and chief security strategist at eBay as well as chief security officer at Microsoft, where he co-founded Microsoft's Trustworthy ...