Tutorials

Building security into the SDLC (Software development life cycle)

PCI DSS compliance: Web application firewalls (WAFs)

Web application firewalls (WAFs) are one option for those seeking compliance with requirement 6.6 of the PCI DSS. The benefits, limitations and proper implementation of WAFs are discussed by security experts in this section. Continue Reading
PCI DSS compliance: The basics

PCI DSS requires merchants to employ basic application security techniques in order to be in compliance. Here is an overview of PCI DSS and requirement 6.6. Continue Reading
PCI DSS compliance: Code review

Code review is a broad security concept and those looking at this option for compliance will find plenty of expert information on the types of code review in this section of the guide. Continue Reading
Web application security and the PCI DSS

Software security should be integrated into the software development lifecycle at every phase. While the PCI DSS doesn't account for all of this, here are some tips to get you started on a holistic approach toward security. Continue Reading
Application threats: CSRF, injection attacks and cookie replay

Web application exploits come in a variety of forms. There are a few that stand out: XSS, for example. But what about XSRF, which is only recently garnering the press is deserves? There are comparatively little resources for less famous exploits. ... Continue Reading

Authentication & authorization: Secure ID and user privileges

Authentication and authorization work together to prevent a multitude of application security attacks. While the basic concepts behind these two methods may be simple, the technology is not. There is a vast array of authentication and authorization ... Continue Reading
Five application security threats and how to counter them

New threats emerge every day. In order to be secure, you must be able to identify the major threats and understand how to counter them. Here is a guide to the five most common and insidious threats to applications -– and what you can do about ... Continue Reading
Developing secure enterprise Java applications

Java application security tips, techniques, tools and other resources from SearchSoftwareQuality. Continue Reading
Developing secure .NET applications

There's no denying the importance of incorporating security at the application level. While some issues are similar across platforms, .NET developers face their own challenges. The resources here will help you understand the basics of .NET ... Continue Reading
SAP application security learning guide

If you're like most IT professionals, security is at the forefront of your concerns. Learn best practices for SAP security and applications security in this learning guide from SearchSAP.com and SearchAppSecurity.com. Continue Reading
Top 10 Web application security vulnerabilities

Based on the Open Web Application Security Project's top 10 project, this guide covers the 10 most critical Web application security vulnerabilities and how to protect your applications. Continue Reading

When event-driven messaging is the right choice

Event-driven messaging and API messaging both have their place in application architecture. In this Q&A, a Gartner analyst ...

How to create an efficient container-based architecture

Containers can introduce as many problems as they solve. In case you missed it, these four articles offer practical advice for ...

For API-based integration, a gateway is your friend

Gateway technology makes API-based integration and microservices more secure, more efficient and more manageable. But beware API ...

TheServerSide.com

Red Hat replaces Oracle as OpenJDK 8, OpenJDK 11 steward

Red Hat has taken control of two popular versions of the open source Java implementation, so developers can continue to build ...

JavaScript popularity drives TypeScript adoption among devs

More developers choose to work with JavaScript to build web, server-side and mobile applications, while TypeScript has quickly ...

Encrypted computing approaches practical app development

A new technology could make it easier to write apps that don't have to decrypt data and, therefore, improve security without a ...

SearchCloudApplications

Microsoft Azure Dev Spaces, Google Jib target Kubernetes woes

Microsoft Azure and Google Cloud both added cloud application development tools that improve and simplify the process of creating...

With progressive web applications, developers blur the lines

With progressive web applications, single-page apps, motion UI and other innovations, app development meets the moment, giving ...

Web app development morphs as apps and websites merge

The lines between web and mobile app and websites are blurring, so development silos are out, and boning up on building ...

SearchAWS

Oracle vs. AWS: Compare cloud databases, PaaS and SaaS

Oracle and AWS gear their clouds toward different users, so it's important to know where your organization falls. See which ...

Decide if Amazon Corretto is the best fit for Java devs on AWS

AWS plans to support Java developers with Corretto, its OpenJDK distribution with longer free support than what Oracle offers. ...

Analyze Amazon S3 storage classes, from Standard to Glacier

Select the proper S3 class to improve your storage strategy. Learn the differences in cost and fit, such as which tiers offer ...

SearchBusinessAnalytics

How to integrate Power BI and SharePoint via embedded reports

Expert Brien Posey explains two methods for including Power BI reports on pages in SharePoint Online's cloud service: publishing ...

Data-rich organizations turn focus to ethical data mining

As data analytics have increasingly become a core component of organizations' strategies, concerns have arisen around how data is...

Cloud AutoML, BigQuery ML upgrades expand Google stake in ML

Google introduced a raft of updates to its cloud-based machine learning and AI products, including expanded capabilities for its ...

SearchHRSoftware

Diversity in hiring a key to eradicating AI bias

HR is turning to AI systems to help rank and sort job candidates. But the systems like these are mostly designed by men, who may ...

Technology can aid diversity and inclusion in HCM, with caveats

Vendors are increasingly building AI applications to be bias-free to address concerns around diversity and inclusion. The ...

As baby boomers exit, AR and VR tools help to capture their expertise

Demand for virtual and augmented reality tools is soaring, and the need to capture expertise from retiring baby boomers may be ...

SearchHealthIT

InterSystems HealthShare launches Provider Directory

The new Provider Directory in the InterSystems HealthShare system will consolidate all available information on providers and ...

Telemedicine provider MDLIVE talks partnering with health systems

MDLIVE CMO Lyle Berkowitz talks about why health systems need to start introducing telemedicine -- now.

How CIOs can help alleviate EHR issues

EHRs can be more problem than solution for healthcare organizations, but CIOs can help by talking to practitioners and holding ...

DevOpsAgenda

How to bust security silos and secure your operation

DevOps means velocity, though, not at security's expense. Rapid7's Jen Andre thinks automation and orchestration strategies can ...

The first step from Agile to DevOps is a pilot project

Agile to DevOps isn't as perilous as Waterfall to Agile, but it will take measurable goals and an efficient pilot project to ...

Best practices for DevOps compliance and reusability

You know you want to scale with a model-driven process. So how do you make it work? Start with these best practices for ...