Building security into the SDLC Software development life cycle
- April 14, 2006
The Liberty Enhanced Client Profile specification attempts to bring SAML 2.0 identity standards to Web services running on client devices.
- April 11, 2006
AppScan OnDemand services are designed to lower TCO and help organizations keep up with testing frequently changing Web applications.
- April 06, 2006
For many Java developers, application security has not been addressed much. That changed last week as a panel of application security experts tackled Java security in the SDLC at TheServerSide Java Symposium in Las Vegas.
- April 03, 2006
Users think if they use security solutions, like firewalls and intrusion prevention systems, they can do dangerous things and still be safe. Security expert Marcus J. Ranum, chief of security at Tenable Security Inc. and inventor of the proxy ...
- March 29, 2006
Cenzic's Intelligent Analysis (CIA) research lab recently named the top five most serious Web application vulnerabilities for the month of February. The company's top five list includes vulnerabilities in many of today's most widely used business ...
- March 23, 2006
Web application security was one of the themes at Boston's SecureWorld, but both security tools vendors and attendees stress more education is needed among developers.
- March 13, 2006
Application security expert Dr. Herbert H. Thompson says making security part of the software development life cycle (SDLC) reduces risk and provides strategic advantage. In the second part of a two-part interview, Thompson, chief security ...
- March 08, 2006
Application security expert Dr. Herbert H. Thompson says the convergence of regulatory demands for application security with an increasingly security-savvy software buyer is driving a serious impetus for change. In this first part of a two-part ...
- March 01, 2006
The best way to ensure software is secure is to build security into the software development life cycle, industry experts say. Design-time threat modeling is pivotal, but it needs to be constrained by an understanding of the business risks involved.
- March 01, 2006
Recently launched Application Security Industry Consortium aims to give companies and their developers the information they need to select secure software and ensure products meet their business goals.
- February 21, 2006
Automated tools have their role in securing applications, but you can't rely on them totally. You also need skilled people to help identify vulnerabilities throughout the development lifecycle.
- February 01, 2006
Web application firewalls provide essential protection against application attacks. The question is, how do you decide which firewall is right for you? The Web Application Firewall Evaluation Criteria can help you decide.
- January 19, 2006
Secure application development requires a constant balancing act between functional requirements and business drivers, deadlines and limited resources, and risk and flexibility. Success comes to organizations that build security into all phases of ...
- January 16, 2006
Top security expert Howard Schmidt has viewed IT security from nearly every angle -- from the private sector at eBay and Microsoft, where he co-founded Microsoft's Trustworthy Computer Security Strategies Group, and from the government side, where ...
- January 10, 2006
Top security expert Howard Schmidt's has viewed IT security from nearly every angle. He was once vice president and chief security strategist at eBay as well as chief security officer at Microsoft, where he co-founded Microsoft's Trustworthy ...