Software Security Test Best Practices

  • November 20, 2006

    WhiteHat Security to offer Web app security report

    Beginning in January 2007, WhiteHat Security will offer a quarterly Web site vulnerability report. It will offer a high-level view of vulnerabilities affecting enterprise Web sites and explain the likelihood of vulnerabilities existing on ...

  • November 06, 2006

    SPI Dynamics beefs up DevInspect tool

    SPI Dynamics takes application vulnerability detection a step further with DevInspect 3.0. The new version includes full support for Java developers and J2EE Web applications.

  • November 06, 2006

    Watchfire's Web app vulnerability scanner boosts automation, communication

    AppScan 7.0 adds privilege escalation testing and support for two-factor authentication, plus root cause identification and communication features and a new Reporting Console.

  • November 01, 2006

    Protect ASP.NET 2.0 apps with Health Monitoring Framework

    In addition to writing code to keep malicious users out of their Web apps, ASP.NET developers should also monitor their applications for unusual activity. That includes testing, detection and management, which can be done using the Health Monitoring...

  • October 31, 2006

    Injection attacks -- Knowledge and prevention

    SQL injection is recognized as a major threat to application security, but what about other injection attacks? SPI Dynamics' Caleb Sima dissects these exploits and offers straightforward prevention techniques in this podcast.

  • October 26, 2006

    Source code analysis part of DoD's app security plan

    The U.S. Navy Network Warfare Command's evaluation of Ounce Labs' source code analysis technology showed how a tool such as Ounce could improve the Department of Defense's application security and reduce project costs.

  • October 23, 2006

    WhiteHat Security rolls out v3 of Sentinel service

    WhiteHat Security debuted version 3.0 of its WhiteHat Sentinel, a continuous vulnerability assessment and management service for Web applications. New features include a one-click vulnerability retest and the Inspector technology for building a ...

  • October 16, 2006

    Denim Group donates Ajax security scanner to OWASP

    Sprajax, the first Ajax security scanner, is now available for download at the OWASP Web site. The Denim Group has donated its tool to the non-profit organization.

  • October 10, 2006

    Ounce Labs joins forces with app security vendors

    In two announcements, Ounce Labs said it is partnering with application security vendors to help companies better find vulnerabilities in software.

  • October 06, 2006

    Secure voting: Source code analysis tool key to absentee ballot system

    PostX turned to the Fortify Source Code Analysis tool for help developing an absentee ballot request system for the U.S. Armed Forces. The system allows deployed military personnel to securely request and receive absentee ballot packages via the Web...

  • October 05, 2006

    Product roundup: New tools for protecting Web, .NET applications

    The past few weeks saw the release of new products to protect applications. Here's a look at some of those products, including WhiteHat Satellite, Aladdin HASP, AttackAPI (0.7) and Thor 0.99.

  • September 20, 2006

    Burton: Web application firewall market maturing

    Web application firewalls have improved performance and functionality, but it still takes time, knowledge and skills to implement them, according to a recent Burton Group report. They are not "fire and forget" solutions.

  • September 13, 2006

    Product roundup: New tools to ensure application security

    Over the past month, several application security products have been announced. Here's a roundup of some of those new tools, including Parasoft's Jtest 8.0, SIFT's Web Method Search tool and WiKID 2.1.1.

  • September 08, 2006

    PCI council formed; revised standard includes app security requirement

    American Express, Discover, JCB, MasterCard and Visa have created an independent PCI standards council. Their first act was to release version 1.1 of the PCI Data Security Standard, which clarifies existing requirements as well as adds a new one for...

  • September 04, 2006

    Expected PCI standard update raises concerns for Web app security

    Industry observers hope the PCI standard will focus more on security at the application layer -- not weaken current regulations -- and that the standards process will become more open.