Software Security Test Best Practices
- September 12, 2007
Service-oriented architecture (SOA), Web services and Web 2.0 technologies increase the attack surface of applications, creating new challenges for software testers and developers.
- September 06, 2007
While developers increasingly turn to Ajax to create applications, they're not including security controls, leaving those applications open to attack. Ajax experts Billy Hoffman and Bryan Sullivan explain what can be done to increase Ajax ...
- September 06, 2007
The latest WatchGuard Rapid Response team report identifies five reasons why enterprises using Web 2.0 technologies should be on guard. Included on the list: buggy Web applications and DNS system attacks.
- August 28, 2007
Application security requirements in the Payment Card Industry (PCI) Data Security Standard (DSS) will be up for discussion when the PCI Security Standards Council meets next month for its first community meeting.
- August 06, 2007
If a software tester has a great imagination, complete knowledge of the system being tested, and an evil streak that lets them think like an attacker, they will be well on their way to becoming an exceptional security tester.
- July 25, 2007
PreEmptive Solutions recently announced Dotfuscator Gold, the first comprehensive obfuscation and instrumentation platform that protects, analyzes and monetizes .NET applications. It also announced support for Microsoft Silverlight 1.1 alpha.
- July 16, 2007
Watchfire has enhanced AppScan to include PHP fix recommendations and a SQL injection exploit extension. The company has also unveiled a new on-demand application security service.
- July 02, 2007
Web 2.0 applications have the same vulnerabilities as regular applications. Security evangelist Michael Sutton explains how to use application security methods in a dynamic Web environment.
- June 19, 2007
HP plans to acquire SPI Dynamics Inc., a leading provider of Web application security assessment software and services. SPI Dynamics will be integrated into the Software unit within HP's Technology Solutions Group.
- June 13, 2007
Jeremiah Grossman, founder and chief technology officer of WhiteHat Security, talks about his new book, Cross Site Scripting Attacks: XSS Exploits and Defense; how developers and users can defend themselves against XSS; and the state of Web ...
- June 06, 2007
IBM announced plans to acquire Watchfire, creator of the AppScan application security products.
- May 29, 2007
Cenzic's Application Security Trends report shows various cross-site scripting (XSS) vulnerabilities dominated the top 10 vulnerabilities in commercial and open source Web applications in the first quarter of 2007.
- May 08, 2007
The OMG's development of a Software Assurance Framework would allow information to be shared among the security tooling community, enabling interoperability between application security tools.
- May 07, 2007
The Klocwork 7.7 static code analysis suite provides enhanced usability and expanded support for Visual Studio .NET C/C++ and IntelliJ IDEA for Java. The goal is to make application security easier for developers.
- April 18, 2007
What's the best way to protect your software? Act like an attacker. Herbert H. Thompson, Ph.D., chief security strategist at People Security, outlines how to attack (test) software yourself.