Software Security Test Best Practices

  • October 15, 2008

    Browser security a concern for website development

    The number of Web browsers and the rise of sophisticated attacks against them, such as cross-site request forgery and clickjacking, complicate website development, security, and testing.

  • September 10, 2008

    Website security improved, but more can be done

    A recent study of website security by WhiteHat Security finds that although efforts are being made to prevent well-known attacks such as cross-site scripting (XSS) and SQL injection, threats of newer attacks are rising.

  • August 01, 2008

    Security vulnerabilities found in open source Java projects

    Fortify's Java Open Review researchers say the increasingly popular open source software projects such as Struts, Hibernate, and Geronimo have vulnerabilities that need fixing. Processes, too, are needed to ensure enterprise applications are safe.

  • July 23, 2008

    Software testing triage: Parallels in labor triage

    Software testers often use triage to determine which steps to take in the testing process. Rob and Anne Sabourin explained to an audience at the Conference of the Association of Software Testing (CAST) how lessons from labor triage can be applied to...

  • July 16, 2008

    Critical security issues found in the Spring Framework

    Ounce Labs recently discovered two security vulnerabilities that can affect Java Web applications that use the Spring Framework. The company is working with SpringSource to ensure developers know how to protect against these security issues.

  • June 09, 2008

    Ruby on Rails security audit service available

    Relevance, a Ruby on Rails software development practice, recently launched its Rails Security Audit. The service helps companies identify security vulnerabilities in Rails apps.

  • May 19, 2008

    PCI DSS compliance: Web application firewall or code review?

    If you need to comply with the application security regulation of the PCI Data Security Standard, should you opt for code reviews or a Web application firewall? Experts offer their opinions.

  • April 17, 2008

    Uncover Web application security vulnerabilities with these techniques

    Static and dynamic analysis -- manual or automated -- can help uncover Web app security flaws. Learn how to use the techniques to make sure your applications aren't open to attack.

  • March 12, 2008

    OWASP kicks off Summer of Code 2008

    Participants in the Open Web Application Security Project (OWASP) Summer of Code program receive money for working on OWASP and Web application security projects.

  • January 16, 2008

    Ajax security concerns you need to be aware of

    As developers implement Ajax and Web 2.0 applications, they need to understand security issues such as cross-site scripting (XSS), cross-site request forgery (CSRF) and JavaScript hijacking.

  • November 28, 2007

    Microsoft's Michael Howard: Security must be a part of every application

    Security needs to become a way of life in application development, Microsoft's Michael Howard says. In this Q&A he explains how you need to use tools and educate people to make sure your applications aren't weak links.

  • November 12, 2007

    Betfair uses source code analysis tool to eliminate software bugs

    Betfair, Europe's largest ecommerce site, uses Fortify Software's source code analysis tool, Fortify SCA 5.0, to automate the mundane parts of code review and to find bugs.

  • November 05, 2007

    JavaScript mashups raise application security issues; require caution

    Mashups, which combine Web pages within a single view, may be cool, but they're inherently insecure and have access to confidential information.

  • October 15, 2007

    Wachovia banks on entitlement management for fine-grained application security

    Securent's Entitlement Management Solution helps Wachovia enforce fine-grained application security, restricting who can do what once inside an application. More than that, it relieves developers from having to develop and deploy custom access ...

  • October 03, 2007

    Web application security, development unite

    The purchase of Web application security vendors SPI Dynamics and Watchfire by HP and IBM, respectively, indicates that application security is finally being taken seriously.