Software Security Test Best Practices

  • September 12, 2007

    SOA, Web services create software security challenges

    Service-oriented architecture (SOA), Web services and Web 2.0 technologies increase the attack surface of applications, creating new challenges for software testers and developers.

  • September 06, 2007

    Ajax application security critical, experts warn

    While developers increasingly turn to Ajax to create applications, they're not including security controls, leaving those applications open to attack. Ajax experts Billy Hoffman and Bryan Sullivan explain what can be done to increase Ajax ...

  • September 06, 2007

    Brief: Research identifies five key threats to Web 2.0

    The latest WatchGuard Rapid Response team report identifies five reasons why enterprises using Web 2.0 technologies should be on guard. Included on the list: buggy Web applications and DNS system attacks.

  • August 28, 2007

    PCI Security Standards Council to address application security requirements

    Application security requirements in the Payment Card Industry (PCI) Data Security Standard (DSS) will be up for discussion when the PCI Security Standards Council meets next month for its first community meeting.

  • August 06, 2007

    Software security testing: Finding your inner evildoer

    If software testers have a great imagination, complete knowledge of the system they are testing, and an evil streak that lets them think like an attacker, they will be well on their way to becoming exceptional security testers.

  • July 25, 2007

    PreEmptive announces new obfuscation product, support for Silverlight

    PreEmptive Solutions recently announced Dotfuscator Gold, the first comprehensive obfuscation and instrumentation platform that protects, analyzes and monetizes .NET applications. It also announced support for Microsoft Silverlight 1.1 alpha.

  • July 16, 2007

    Watchfire enhances AppScan, offers on-demand application security service

    Watchfire has enhanced AppScan to include PHP fix recommendations and a SQL injection exploit extension. The company has also unveiled a new on-demand application security service.

  • July 02, 2007

    Application security takes on greater importance in Web 2.0

    Web 2.0 applications have the same vulnerabilities as regular applications. Security evangelist Michael Sutton explains how to use application security methods in a dynamic Web environment.

  • June 19, 2007

    HP adds Web application security to its portfolio with SPI Dynamics acquisition

    HP plans to acquire SPI Dynamics Inc., a leading provider of Web application security assessment software and services. SPI Dynamics will be integrated into the Software unit within HP's Technology Solutions Group.

  • June 13, 2007

    Jeremiah Grossman on the pervasive nature of XSS

    Jeremiah Grossman, founder and chief technology officer of WhiteHat Security, talks about his new book, Cross Site Scripting Attacks: XSS Exploits and Defense; how developers and users can defend themselves against XSS; and the state of Web ...

  • June 06, 2007

    IBM to acquire Web application security vendor Watchfire

    IBM announced plans to acquire Watchfire, creator of the AppScan application security products.

  • May 29, 2007

    XSS the top vulnerability in most Web applications in Q1

    Cenzic's Application Security Trends report shows that various cross-site scripting (XSS) vulnerabilities dominated the top 10 vulnerabilities in commercial and open source Web applications in the first quarter of 2007.

  • May 08, 2007

    OMG working to improve application security testing

    The OMG's development of a Software Assurance Framework would allow information to be shared among the security tooling community, enabling interoperability between application security tools.

  • May 07, 2007

    Klocwork enhances static code analysis suite

    The Klocwork 7.7 static code analysis suite provides enhanced usability and expanded support for Visual Studio .NET C/C++ and IntelliJ IDEA for Java. The goal is to make application security easier for developers.

  • April 18, 2007

    How to attack (test) software yourself

    What's the best way to protect your software? Act like an attacker. Herbert H. Thompson, Ph.D., chief security strategist at People Security, outlines how to attack (test) software yourself.