Tips

Tips

• Using JMock in test-driven development

  In test-driven development (TDD), it's important to properly implement mock objects. Here is a detailed case study about the using mock object framework JMock in TDD. However, this case study can also be applied using other frameworks and tools.  Continue Reading

• Software requirements analysis: Five use case traps to avoid

  Employing use cases during software requirements analysis helps you improve your chances of developing software that truly meets their needs. But there are traps you should avoid, says expert Karl E. Wiegers.  Continue Reading

• Ambiguous software requirements lead to confusion, extra work

  Ambiguous requirements lead to confusion, wasted effort and rework. This article from software requirements expert Karl E. Wiegers, Ph.D. describes several common types of requirements ambiguity and suggests how to avoid them.  Continue Reading

• CSRF attack vector with Ajax serialization

  Web 2.0 applications are increasingly at risk to cross-site request forgery (CSRF) attacks. Shreeraj Shah explains what those risks are and how you can prevent such attacks.  Continue Reading

• Malicious code injection: It's not just for SQL anymore

  Injection attacks are ubiquitous, and SQL injection is only one version of the exploit. S.P.I. Dynamics' Bryan Sullivan describes these attacks and how to prevent them.  Continue Reading

• Shell script security: Protecting your code

  Shell scripts are vulnerable to bugs and exploits like any other programming language. Learn how to secure your script and protect your applications with these tips from James Turnbull.  Continue Reading

• Challenges of two-factor authentication

  Two-factor authentication offers many security benefits, but can be expensive and ineffective if not implemented carefully. In order to secure your apps, choose your authentication methods and tools wisely.  Continue Reading

• The importance of input validation

  Web applications are vulnerable if you don't practice input validation. Learn how to prevent application attacks such as buffer overflow, SQL injection and cross-site scripting.  Continue Reading

• Buffer overflow tools facilitate application testing

  Web applications are the conduit for buffer overflow attacks on the Web server. As such, it's imperative to make sure your applications cannot be exploited. These tools can help you out.  Continue Reading

• .NET Framework features security mechanism

  The .NET Framework includes a simple but very flexible identity-based security mechanism. The key to using it is a detailed understanding of the Principal and Identity objects.  Continue Reading

• Input Validation Attacks -- Chapter 6, Hacking Exposed Web Applications, Second Edition

  Input validation routines serve as a first line of defense for a Web application. Buffer overflow, directory traversal, cross-site scripting and SQL injection are just a few of the attacks that can result from improper data validation. This chapter ...  Continue Reading

• Understanding directory traversal attacks

  Directory traversal attacks are the very common, very dangerous HTTP exploits you never hear about. For the sake of your Web applications, it's time to start taking notice.  Continue Reading

• Ways to automate SQL injection testing

  Manual testing for SQL injection requires much effort with little guarantee that you'll find every vulnerability. CISSP Kevin Beaver offers a better way: automated SQL injection testing.  Continue Reading

• Threat modeling enhanced with misuse cases

  Misuse cases capture all the possible attacks on an application, as well as mitigation steps. Anurag Agarwal explains how they can help architects correct design flaws, help developers understand a hacker's approach and write more secure code, and ...  Continue Reading

• Secure SDLC: Integrating security into your software development life cycle

  Integrating security into the SDLC is essential for developing quality software. While there are no standard practices, these guidelines can help you develop a custom process for a secure software development life cycle.  Continue Reading

• Penetration testing best practices

  Penetration testing can help you find critical vulnerabilties in your Web applications. Here are some best practices for pen testing to achieve application security.  Continue Reading

• Myth-busting Web application buffer overflows

  If someone managed to exploit a buffer overflow in a Web application, it would result in a critical situation. But the chance of that happening to a custom Web application is slim. Focus instead on cross-site scripting and SQL injection ...  Continue Reading

• Defining and preventing buffer overflows

  Kurt Seifried describes buffer-over flow attacks and how you can guard against them.  Continue Reading

• SOA requires enterprise application security integration architecture

  Web application security in SOA-based systems can be very difficult to achieve. This tip explains how to use authentication and authorization methods, such as JAAS and SAML, will help secure your Web services.  Continue Reading

• How to Break Web Software: Functional and Security Testing of Web Applications and Web Services -- C

  Web application security is dependent on proper coding and session management, and Web application developers must take it upon themselves to code state information so they can enforce rules about page access and session management. This chapter ...  Continue Reading

• Penetration testing versus code review

  Penetration testing and code review both have their advantages. Which application security method is more effective at finding critical vulnerabilities?  Continue Reading

• An inside look at XML encryption

  At the core of Web services security is the ability to encrypt information sent out as XML documents, using XML encryption.  Continue Reading

• How to avoid authentication bypass attacks

  Strong authentication methods may not fully protect your applications. George Wrenn offers some tips for avoiding authentication bypass attacks.  Continue Reading