DevSecOps and automated security
- February 14, 2020
Synopsys' Code Sight IDE plug-in provides capabilities for simultaneous static application security testing (SAST) and software composition analysis (SCA).
- November 01, 2019
Atlassian's CISO believes that eventually, application security mechanisms will be absorbed completely into Agile and DevOps tools -- including his own company's products.
- November 09, 2018
Independent once again, Veracode will focus on its cloud-based test services that enable developers to add security to the software development lifecycle.
- September 19, 2018
Sumo Logic has added cloud security monitoring features that put security in context with business intelligence analytics.
- September 14, 2018
Some advanced organizations tackle DevSecOps with automated security for CI/CD pipelines and infrastructure, and will complete the picture with developer security skills training.
- August 30, 2018
Competition has tightened in the software test market as vendors strategically acquire additional tools and align with developer ecosystem players.
- April 18, 2018
A survey of over 2,000 IT pros shows that fear of data breaches is increasing investments in DevSecOps tools, particularly automated security tools and oversight of open source software.
- December 18, 2017
DevSecOps, the practice of addressing security early in the application lifecycle, has caught on in the enterprise as developers must now also become security engineers.
- September 13, 2017
Low-code software development platforms are proliferating rapidly, even as headline-grabbing security breaches continue. Here's how they can help make software safer.
- April 26, 2017
DevOps can help develop software faster, but that's not making it any safer. DevSecOps is an effort to bring security into the mix. Here are some ways to get started.
- May 11, 2016
It's a scary world out there, but developers are in a rush to release. SourceClear Open gives developers the tools to make open source code projects more secure for free.
- April 27, 2015
Data privacy lawyer Jeff Kosseff discussed the current state of data privacy law as it applies to big data at the Big Data Tech Con in Boston.
- December 17, 2010
What are the important considerations of a requirements management tool when developing embedded software for a medical device? In this Q&A with IntraPace software development manager Mace Volzing, SSQ asks about managing requirements for the ...
- November 03, 2010
In Part 2 of this SSQ interview with Glitch author Jeff Papows, we learn more about Papows' proposal for an IT Governance Manifesto which would mandate higher standards of quality for life-threatening software. Papows warns of the dangers of not ...
- August 24, 2009
GatherSpace version 2 is now available and continues to offer low-cost software requirements gathering technology that is easily learned and easily implemented. According to GatherSpace founder Darren Levy, "It's painlessly easy to use, and an ...
- August 20, 2009
The ALM tool market is in an uproar as countless acquisitions, trends and shifts have altered the way in which application lifecycles are monitored, industry experts explain.
- March 09, 2009
Bring the quality assurance department's many resources into the software testing process from the get-go, one expert advises, and watch common software development problems dissolve.
- December 08, 2008
SAFECode's guide to secure software development provides practices for all stages of the software development lifecycle proven to improve software security.
- October 15, 2008
The number of Web browsers and the rise of sophisticated attacks against them, such as cross-site request forgery and clickjacking, complicate website development, security, and testing.
- May 19, 2008
If you need to comply with the application security regulation of the PCI Data Security Standard, should you opt for code reviews or a Web application firewall? Experts offer their opinions.
- March 27, 2008
The revelation that pacemakers can be hacked illustrates how software makers have to start thinking differently about application security and quality.
- January 28, 2008
In the continuing drive to address quality and security earlier in the software development lifecycle (SDLC), two thought leaders in the automated source code analysis market -- Klocwork and Ounce Labs -- are targeting new releases at the developer.
- November 28, 2007
Security needs to become a way of life in application development, Microsoft's Michael Howard says. In this Q&A he explains how you need to use tools and educate people to make sure your applications aren't weak links.
- October 15, 2007
Securent's Entitlement Management Solution helps Wachovia enforce fine-grained application security, restricting who can do what once inside an application. More than that, it relieves developers from having to develop and deploy custom access ...
- September 06, 2007
While developers increasingly turn to Ajax to create applications, they're not including security controls, leaving those applications open to attack. Ajax experts Billy Hoffman and Bryan Sullivan explain what can be done to increase Ajax ...
- August 02, 2007
Web application security faces serious hurdles, experts warn. New attacks exploit XSS and CSRF vulnerabilities rampant among Web sites.
- July 12, 2007
IBM and HP have made moves to scoop up niche players in the nascent Web application security market. Analysts expect further consolidation, however, with big security vendors playing a role.
- June 05, 2007
Fortify's Brian Chess talks about his upcoming book, Secure Programming with Static Analysis, and progress that has been made toward making security part of the software development life cycle (SDLC).
- May 25, 2007
OWASP says cross-site scripting (XSS) remains the "termite" of Web applications, while cross-site request forgery and cryptography emerge as serious problems.
- May 15, 2007
By applying a multilayered approach to application security throughout the SDLC, software ships more securely, closer to the scheduled delivery date and closer to anticipated cost. How do you do that? Joe Basirico, a senior security trainer at ...
- May 07, 2007
The Klocwork 7.7 static code analysis suite provides enhanced usability and expanded support for Visual Studio .NET C/C++ and IntelliJ IDEA for Java. The goal is to make application security easier for developers.
- April 18, 2007
More people understand the importance of software security, but many more still need to become aware. They also need education and training to ensure they're testing applications properly and securing those applications.
- April 16, 2007
Watchfire makes it easier to integrate Web application security throughout the software development life cycle (SDLC) with its new application security testing tools -- AppScan 7.5 and AppScan QA.
- March 26, 2007
Educating programmers about application security is the focus of a campaign being launched by the SANS Institute and SPI Dynamics. A certification exam and workshops will be conducted as part of the campaign.
- March 13, 2007
SPI Dynamics has released a new version of its Web application security management tool, Assessment Management Platform (AMP). AMP 3.0, which assesses and manages application security risk across the enterprise and throughout the software ...
- March 05, 2007
Although Java has been found to be more secure than other languages, a report from Fortify Software's Java Open Review Project warns that developers may inadvertently introduce vulnerabilities into their own code by using the sample code and ...
- January 29, 2007
With WebInspect 7, SPI Dynamics has created a security product re-engineered to handle the threats and vulnerabilities of Web 2.0.
- November 16, 2006
The SDLC (software development life cycle) must be revamped to accommodate application security. Find out how to incorporate security into the SDLC with techniques from Ryan Berg.
- October 31, 2006
SQL injection is recognized as a major threat to application security, but what about other injection attacks? SPI Dynamics' Caleb Sima dissects these exploits and offers straightforward prevention techniques in this podcast.
- October 25, 2006
Agile software development should include security measures. Dan Cornell describes how to introduce application security into your agile software development life cycle (SDLC).
- October 19, 2006
If there's one thing developers should do to increase Web applications security, it's input validation, according to Caleb Sima, founder and CTO of SPI Dynamics. In this interview, he discusses the most dangerous threats to Web applications, such ...
- October 12, 2006
As banks struggle to secure online transactions with two-factor authentication, the United Bankers' Bank has chosen a fingerprint biometric system and has seen excellent results.
- October 10, 2006
A new suite of security products from Layer 7 aims to protect SOA, Ajax and Web 2.0.
- September 08, 2006
American Express, Discover, JCB, MasterCard and Visa have created an independent PCI standards council. Their first act was to release version 1.1 of the PCI Data Security Standard, which clarifies existing requirements as well as adds a new one for...
- August 30, 2006
Application logic attacks are common, dangerous and difficult to detect. In this interview, expert Rami Jaamour defines and analyzes logic attacks and provides in-depth security advice. As these threats become more popular, it is imperative to ...
- August 10, 2006
A security vulnerability has forced the creators of Ruby on Rails to issue an immediate upgrade. Version 1.1.5, which is being called a mandatory upgrade, is available now.
- July 17, 2006
"Google" hacking and directed attacks such as SQL injection and cross-site scripting are the most dangerous attack methods Web sites face, according to a new study by Fortify Software.
- July 11, 2006
Ajax security is increasingly important as attackers have set their sights on Ajax apps. Andrew van der Stock explained what risks developers need to be aware of.
Web application security in Ajax is becoming an issue. Andrew van der Stock, who is heading the OWASP Guide project, spoke with SearchSoftwareQuality.com about Ajax security and what risks developers need to be concerned about.
- June 23, 2006
Java application security is further explored in the second part of Ramesh Nagappan's Java security series. Part 2 concentrates on Java Web Start security, Java Extensible Security Architecture and APIs.
- June 22, 2006
Ben Fathi, the new face of Trustworthy Computing at Microsoft, expects to get more involved in security design and development.
- June 21, 2006
Java technology already has many security features built in. Sun's Ramesh Nagappan explores Java security in the first article of this two-part series. In Part 1, he concentrates on Java Runtime Environment, Java security management tools and Java ...
- June 14, 2006
Application security expert Gary McGraw says you need to put your black hats on and start thinking like bad guys if you want to have secure software.
- June 12, 2006
Through its Trusted Computing Initiative Microsoft revamped its development lifecycle to produce more secure and reliable products. Steven B. Lipner, senior director of security engineering strategy at Microsoft, explains how the company did it and ...
- June 08, 2006
No software is perfect, but by thinking like a hacker you can better anticipate threats and create a more secure product.
- May 25, 2006
Java security isn't well understood, even by those who create Java applications. Fortify chief scientist Brian Chess describes common exploits that plague Java apps such as XSS, session hijacking and SQL injection.
- May 18, 2006
Sun is teaming up with SAP to deliver an integrated software package that will help businesses maintain automated "continuous compliance" with both external government regulations and internal corporate security policies.
- May 09, 2006
Software security doesn't require completely changing your software development life cycle. Application security expert Gary McGraw, author of Software Security: Building Security In, talks about software security best practices that can be easily ...
- May 01, 2006
Web applications need a layered approach to tackling security. Most organizations have deployed this at the infrastructure level, but now experts say it's time to apply that approach to application security as well.
- April 26, 2006
The IEEE has approved revisions to the IEEE P1074 standard, giving project leaders methodologies for incorporating application security throughout the software development life cycle (SDLC).
- April 11, 2006
AppScan OnDemand services are designed to lower TCO and help organizations keep up with testing frequently changing Web applications.
- April 06, 2006
For many Java developers, application security has not been addressed much. That changed last week as a panel of application security experts tackled Java security in the SDLC at TheServerSide Java Symposium in Las Vegas.
- April 03, 2006
Users think if they use security solutions, like firewalls and intrusion prevention systems, they can do dangerous things and still be safe. Security expert Marcus J. Ranum, chief of security at Tenable Security Inc. and inventor of the proxy ...
- March 29, 2006
Cenzic's Intelligent Analysis (CIA) research lab recently named the top five most serious Web application vulnerabilities for the month of February. The company's top five list includes vulnerabilities in many of today's most widely used business ...
- March 23, 2006
Web application security was one of the themes at Boston's SecureWorld, but both security tools vendors and attendees stress more education is needed among developers.
- March 13, 2006
Application security expert Dr. Herbert H. Thompson says making security part of the software development life cycle (SDLC) reduces risk and provides strategic advantage. In the second part of a two-part interview, Thompson, chief security ...
- March 08, 2006
Application security expert Dr. Herbert H. Thompson says the convergence of regulatory demands for application security with an increasingly security-savvy software buyer is driving a serious impetus for change. In this first part of a two-part ...
- March 01, 2006
Recently launched Application Security Industry Consortium aims to give companies and their developers the information they need to select secure software and ensure products meet their business goals.
- March 01, 2006
The best way to ensure software is secure is to build security into the software development life cycle, industry experts say. Design-time threat modeling is pivotal, but it needs to be constrained by an understanding of the business risks involved.
- February 21, 2006
Automated tools have their role in securing applications, but you can't rely on them totally. You also need skilled people to help identify vulnerabilities throughout the development lifecycle.
- February 01, 2006
Web application firewalls provide essential protection against application attacks. The question is, how do you decide which firewall is right for you? The Web Application Firewall Evaluation Criteria can help you decide.
- January 19, 2006
Secure application development requires a constant balancing act between functional requirements and business drivers, deadlines and limited resources, and risk and flexibility. Success comes to organizations that build security into all phases of ...
- January 09, 2006
OWASP Guide to Building Secure Web Applications and Web Services, Chapter 22: Denial of Service Atta
This section of the OWASP Guide to Building Secure Web Applications and Web Services will help you make sure the application is robust as possible in the face of denial of service attacks.
- January 09, 2006
Secure authentication methods for Web applications are discussed in this chapter of the OWASP Guide to Building Secure Web Applications and Web Services. Java and .NET are both covered. SAML, biometrics, SSL, forms-based authentication and other ...
- January 06, 2006
OWASP Guide to Building Secure Web Applications and Web Services, Chapter 15: Error Handling, Auditi
This chapter of the OWASP Guide to Building Secure Web Applications and Web Services shows you how to give your applications the ability to easily track or identify potential fraud or anomalies end-to-end.
- January 06, 2006
It isn't enough to secure the physical network. Today, criminals are focusing on exploiting vulnerabilities in applications. This report, written by Jim Zimmerman from Techra LLC, looks at the top application security vulnerabilities and how to deal...
- January 05, 2006
This section of the OWASP Guide to Building Secure Web Applications and Web Services will help you ensure applications are secure against all forms of input data. Techniques explained include data integrity checks, validation and business rule ...
- July 27, 2005
Web applications are vulnerable to a barrage of injection attacks, such as SQL injection and XSS. This chapter from OWASP explains how to secure your Web services against injection exploits.
- July 27, 2005
Follow this chapter of the OWASP Guide to Building Secure Web Applications and Web Services to make sure applications aren't exposed to faulty components, make sure applications create as few buffer overruns as possible, and encourage the use of ...
- July 27, 2005
In this section of the OWASP Guide to Building Secure Web Applications and Web Services you'll learn how to ensure authenticated users have a secure association with their session, enforce authorization checks and prevent common Web attacks.