Tutorials

Building security into the SDLC (Software development life cycle)

PCI DSS compliance: Web application firewalls (WAFs)

Web application firewalls (WAFs) are one option for those seeking compliance with requirement 6.6 of the PCI DSS. The benefits, limitations and proper implementation of WAFs are discussed by security experts in this section. Continue Reading
PCI DSS compliance: The basics

PCI DSS requires merchants to employ basic application security techniques in order to be in compliance. Here is an overview of PCI DSS and requirement 6.6. Continue Reading
PCI DSS compliance: Code review

Code review is a broad security concept and those looking at this option for compliance will find plenty of expert information on the types of code review in this section of the guide. Continue Reading
Web application security and the PCI DSS

Software security should be integrated into the software development lifecycle at every phase. While the PCI DSS doesn't account for all of this, here are some tips to get you started on a holistic approach toward security. Continue Reading
Application threats: CSRF, injection attacks and cookie replay

Web application exploits come in a variety of forms. There are a few that stand out: XSS, for example. But what about XSRF, which is only recently garnering the press is deserves? There are comparatively little resources for less famous exploits. ... Continue Reading

Authentication & authorization: Secure ID and user privileges

Authentication and authorization work together to prevent a multitude of application security attacks. While the basic concepts behind these two methods may be simple, the technology is not. There is a vast array of authentication and authorization ... Continue Reading
Five application security threats and how to counter them

New threats emerge every day. In order to be secure, you must be able to identify the major threats and understand how to counter them. Here is a guide to the five most common and insidious threats to applications -– and what you can do about ... Continue Reading
Developing secure enterprise Java applications

Java application security tips, techniques, tools and other resources from SearchSoftwareQuality. Continue Reading
Developing secure .NET applications

There's no denying the importance of incorporating security at the application level. While some issues are similar across platforms, .NET developers face their own challenges. The resources here will help you understand the basics of .NET ... Continue Reading
SAP application security learning guide

If you're like most IT professionals, security is at the forefront of your concerns. Learn best practices for SAP security and applications security in this learning guide from SearchSAP.com and SearchAppSecurity.com. Continue Reading
Top 10 Web application security vulnerabilities

Based on the Open Web Application Security Project's top 10 project, this guide covers the 10 most critical Web application security vulnerabilities and how to protect your applications. Continue Reading

How shared Lambda functions help microservices access control

Shared Lambda functions can help combat error message issues that arise when developers create custom authentication and ...

5 common traps lurking in RESTful development

Unfortunately, many RESTful API developers fall into the same traps during design. Here are five common mistakes that you can ...

These tools help build microservices in Java

Depending on the mission, developers need to align their tool choices with one of two paths for Java microservices. Here's what ...

TheServerSide.com

Convert JPEG to SVG to improve webpage performance

Vector images open the door for multiple benefits on HTML webpages. Consider SVGs instead of raster images to boost HTML speed ...

Master-slave terminology alternatives you can use right now

Software companies have found alternatives for master-slave terminology to describe their distributed systems. It's time for the ...

RESTful parameters antipattern considerations for queries, paths

Choose carefully for path and query parameters in URL design. Lackluster choices in the design phase can plague client resource ...

SearchCloudApplications

Microsoft Azure Dev Spaces, Google Jib target Kubernetes woes

Microsoft Azure and Google Cloud both added cloud application development tools that improve and simplify the process of creating...

With progressive web applications, developers blur the lines

With progressive web applications, single-page apps, motion UI and other innovations, app development meets the moment, giving ...

Web app development morphs as apps and websites merge

The lines between web and mobile app and websites are blurring, so development silos are out, and boning up on building ...

SearchAWS

AWS predictive scaling boosts cloud's resource management

AWS Auto Scaling offers adjustable resources for workloads with fluctuations in demand. With predictive scaling, AWS applies ...

Use AWS Firecracker to build micro VMs for containerized apps

Firecracker has many of the benefits of containers and VMs, without some of their limitations. Here are a few things to know if ...

AWS Lambda functions become more flexible, but use caution

AWS Lambda added custom runtimes and longer timeouts. Review the benefits, such as flexibility and easier migration, along with ...

SearchBusinessAnalytics

Upswing in cloud business intelligence spawns migration issues

More organizations are looking to run BI and analytics applications in the cloud. This handbook offers insights into moving ...

Avoid turbulence when shifting to data analytics in the cloud

When migrating BI and data analytics to the cloud, factor existing analytics processes, software evaluation, data protection and ...

Information Builders CEO on cloud-first approach, machine learning

Information Builders' new CEO, Frank Vella, said the company's focus on cloud and machine learning will help it solidify a firm ...

SearchHRSoftware

AI in recruiting may be above HR's head

Video job interviews are powerful tools. HireVue's AI algorithm can watch a candidate without losing focus and notice things a ...

Cybersecurity education: How HR can plan for the inevitable

Cybersecurity is a major concern for any organization, but employees continue to be a top threat. HR can help mitigate insider ...

LinkedIn's recruiting platform billed as 'Intelligent Hiring Experience'

LinkedIn's use of AI requires the sharing of data. It is one reason why the company is combining its talent tools into one system...

SearchHealthIT

3 technologies to improve the patient check-in process

Allowing patients to check in electronically, whether from a kiosk or tablet, can improve the patient experience and reduce the ...

ONC, CMS strive for a competitive healthcare market with open APIs

Newly proposed rules from CMS and ONC aren't just about fostering interoperability and patient data access, they're also about ...

Population health management programs require goal alignment

In this Q&A, KLAS population health researcher Bradley Hunter says successful population health management programs hinge on goal...

DevOpsAgenda

How to bust security silos and secure your operation

DevOps means velocity, though, not at security's expense. Rapid7's Jen Andre thinks automation and orchestration strategies can ...

The first step from Agile to DevOps is a pilot project

Agile to DevOps isn't as perilous as Waterfall to Agile, but it will take measurable goals and an efficient pilot project to ...

Best practices for DevOps compliance and reusability

You know you want to scale with a model-driven process. So how do you make it work? Start with these best practices for ...