Tutorials

Building security into the SDLC (Software development life cycle)

PCI DSS compliance: Web application firewalls (WAFs)

Web application firewalls (WAFs) are one option for those seeking compliance with requirement 6.6 of the PCI DSS. The benefits, limitations and proper implementation of WAFs are discussed by security experts in this section. Continue Reading
PCI DSS compliance: The basics

PCI DSS requires merchants to employ basic application security techniques in order to be in compliance. Here is an overview of PCI DSS and requirement 6.6. Continue Reading
PCI DSS compliance: Code review

Code review is a broad security concept and those looking at this option for compliance will find plenty of expert information on the types of code review in this section of the guide. Continue Reading
Web application security and the PCI DSS

Software security should be integrated into the software development lifecycle at every phase. While the PCI DSS doesn't account for all of this, here are some tips to get you started on a holistic approach toward security. Continue Reading
Application threats: CSRF, injection attacks and cookie replay

Web application exploits come in a variety of forms. There are a few that stand out: XSS, for example. But what about XSRF, which is only recently garnering the press is deserves? There are comparatively little resources for less famous exploits. ... Continue Reading

Authentication & authorization: Secure ID and user privileges

Authentication and authorization work together to prevent a multitude of application security attacks. While the basic concepts behind these two methods may be simple, the technology is not. There is a vast array of authentication and authorization ... Continue Reading
Five application security threats and how to counter them

New threats emerge every day. In order to be secure, you must be able to identify the major threats and understand how to counter them. Here is a guide to the five most common and insidious threats to applications -– and what you can do about ... Continue Reading
Developing secure enterprise Java applications

Java application security tips, techniques, tools and other resources from SearchSoftwareQuality. Continue Reading
Developing secure .NET applications

There's no denying the importance of incorporating security at the application level. While some issues are similar across platforms, .NET developers face their own challenges. The resources here will help you understand the basics of .NET ... Continue Reading
SAP application security learning guide

If you're like most IT professionals, security is at the forefront of your concerns. Learn best practices for SAP security and applications security in this learning guide from SearchSAP.com and SearchAppSecurity.com. Continue Reading
Top 10 Web application security vulnerabilities

Based on the Open Web Application Security Project's top 10 project, this guide covers the 10 most critical Web application security vulnerabilities and how to protect your applications. Continue Reading

Get realistic about your multi-cloud strategy aspirations

Multi-cloud is attractive to software teams that want to expand their development toolboxes, but be careful about the complexity ...

Explore Clojure programming language and its multithread style

Discover the fundamentals of the Clojure programming language and its Java-specific uses and tool pairings to see if this ...

4 tips to tackle common microservices testing problems

Flaky tests put code quality -- and development team morale -- at risk. Proliferating microservices stress out test environments,...

TheServerSide.com

Pivotal Spring Runtime extends Java support, company lifeline

Pivotal's distribution of OpenJDK, the open source version of Java, joins the ranks of Amazon, Azul, IBM, Red Hat and others that...

Master Git basics and branch into DVCS

This Git guide focuses on some of the most basic information and tips. With a solid foundation, developers will be better ...

Don't let plugins open up more Jenkins vulnerabilities

Let's explore the Blue Ocean, Config File Provider and Groovy plugins with security vulnerabilities. Here's how to address them, ...

SearchCloudApplications

How IIoT and consumer IoT handle data differently

IIoT applications must be able to handle large amounts of continuous data from business facilities. Find out why IIoT apps need ...

What Oracle delivered at OOW 2015

Learn how Oracle was pushing its cloud technologies, but OOW 2015 keynote speakers largely talked about cloud strategies.

Five key terms in enterprise cloud applications you need to know

Are you stumped by enterprise cloud applications or related technology? Check out this breakdown of five important terms to help ...

SearchAWS

AWS re:Inforce agenda underscores cloud security challenges

AWS re:Inforce this month in Boston is the first dedicated security conference by the industry's largest cloud provider. Here's ...

AWS partner program targets cloud migration of ISV workloads

A new AWS cloud migration program is geared to bring ISV application workloads to the platform, and offers a financial incentive ...

IT skills shortage leads to AWS certification demand

AWS certifications help engineers advance their careers and help businesses find qualified candidates. Learn why demand for ...

SearchBusinessAnalytics

How the Salesforce acquisition will affect Tableau users

In the wake of Salesforce's acquisition of Tableau, it remains to be seen whether Tableau users will be pushed to the cloud and ...

Google acquisition of Looker to boost Google Cloud analytics

By acquiring Looker, Google will enhance its analytics and BI capabilities available through Google Cloud, while becoming a ...

6 tips for effective customer data mining

Digging into customer analytics can improve sales opportunities -- but how does an organization balance that against data privacy...

SearchHRSoftware

Generation Z workplace may emphasize human contact

Generation Z may demand more human-to-human contact with managers and co-workers. Surveys suggest that text messaging will also ...

Workplace violence drives interest in mass notifications

The Virginia Beach shooting that killed 12 may help motivate employers to deploy mass notification systems as well as programs to...

ECM platforms centralize HR data, but not without challenges

Managing employee documentation is an important aspect of HR, but some departments may struggle with how to import documents and ...

SearchHealthIT

Nexera launches self-assessment for hospital supply chain

Nexera's free Hospital Supply Chain Performance Self-Assessment tool will help supply chain and CQO professionals evaluate and ...

6 steps to better third-party risk management

The American Medical Collection Agency data breach exposed the hazard of dealing with service providers. Here are six steps on ...

Glassbeam healthcare analytics platform boosts productivity

Glassbeam Clinsights is a cloud-based platform for healthcare professionals to monitor machine health, diagnose part failures, ...

DevOpsAgenda

How to bust security silos and secure your operation

DevOps means velocity, though, not at security's expense. Rapid7's Jen Andre thinks automation and orchestration strategies can ...

The first step from Agile to DevOps is a pilot project

Agile to DevOps isn't as perilous as Waterfall to Agile, but it will take measurable goals and an efficient pilot project to ...

Best practices for DevOps compliance and reusability

You know you want to scale with a model-driven process. So how do you make it work? Start with these best practices for ...