Software Security Test Best Practices
- October 15, 2008
The number of Web browsers and the rise of sophisticated attacks against them, such as cross-site request forgery and clickjacking, complicate website development, security, and testing.
- September 10, 2008
A recent study of website security by WhiteHat Security finds that although efforts are being made to prevent well-known attacks such as cross-site scripting (XSS) and SQL injection, threats of newer attacks are rising.
- August 01, 2008
Fortify's Java Open Review researchers say the increasingly popular open source software projects such as Struts, Hibernate, and Geronimo have vulnerabilities that need fixing. Processes, too, are needed to ensure enterprise applications are safe.
- July 23, 2008
Software testers often use triage to determine which steps to take in the testing process. Rob and Anne Sabourin explained to an audience at the Conference of the Association of Software Testing (CAST) how lessons from labor triage can be applied to...
- July 16, 2008
Ounce Labs recently discovered two security vulnerabilities that can affect Java Web applications that use the Spring Framework. The company is working with SpringSource to ensure developers know how to protect against these security issues.
- June 09, 2008
Relevance, a Ruby on Rails software development practice, recently launched its Rails Security Audit. The service helps companies identify security vulnerabilities in Rails apps.
- May 19, 2008
If you need to comply with the application security regulation of the PCI Data Security Standard, should you opt for code reviews or a Web application firewall? Experts offer their opinions.
- April 17, 2008
Static and dynamic analysis -- manual or automated -- can help uncover Web app security flaws. Learn how to use the techniques to make sure your applications aren't open to attack.
- March 12, 2008
Participants in the Open Web Application Security Project (OWASP) Summer of Code program receive money for working on OWASP and Web application security projects.
- January 16, 2008
- November 28, 2007
Security needs to become a way of life in application development, Microsoft's Michael Howard says. In this Q&A he explains how you need to use tools and educate people to make sure your applications aren't weak links.
- November 12, 2007
Betfair, Europe's largest ecommerce site, uses Fortify Software's source code analysis tool, Fortify SCA 5.0, to automate the mundane parts of code review and to find bugs.
- November 05, 2007
Mashups, which combine Web pages within a single view, may be cool, but they're inherently insecure and have access to confidential information.
- October 15, 2007
Securent's Entitlement Management Solution helps Wachovia enforce fine-grained application security, restricting who can do what once inside an application. More than that, it relieves developers from having to develop and deploy custom access ...
- October 03, 2007
The purchase of Web application security vendors SPI Dynamics and Watchfire by HP and IBM, respectively, indicate that application security is finally being taken seriously.