Tutorials

Tutorials

Building security into the SDLC (Software development life cycle)

• PCI DSS compliance: Web application firewalls (WAFs)

  Web application firewalls (WAFs) are one option for those seeking compliance with requirement 6.6 of the PCI DSS. The benefits, limitations and proper implementation of WAFs are discussed by security experts in this section.  Continue Reading

• PCI DSS compliance: The basics

  PCI DSS requires merchants to employ basic application security techniques in order to be in compliance. Here is an overview of PCI DSS and requirement 6.6.  Continue Reading

• PCI DSS compliance: Code review

  Code review is a broad security concept and those looking at this option for compliance will find plenty of expert information on the types of code review in this section of the guide.  Continue Reading

• Web application security and the PCI DSS

  Software security should be integrated into the software development lifecycle at every phase. While the PCI DSS doesn't account for all of this, here are some tips to get you started on a holistic approach toward security.  Continue Reading

• Application threats: CSRF, injection attacks and cookie replay

  Web application exploits come in a variety of forms. There are a few that stand out: XSS, for example. But what about XSRF, which is only recently garnering the press is deserves? There are comparatively little resources for less famous exploits. ...  Continue Reading

• Authentication & authorization: Secure ID and user privileges

  Authentication and authorization work together to prevent a multitude of application security attacks. While the basic concepts behind these two methods may be simple, the technology is not. There is a vast array of authentication and authorization ...  Continue Reading

• Five application security threats and how to counter them

  New threats emerge every day. In order to be secure, you must be able to identify the major threats and understand how to counter them. Here is a guide to the five most common and insidious threats to applications -– and what you can do about ...  Continue Reading

• Developing secure enterprise Java applications

  Java application security tips, techniques, tools and other resources from SearchSoftwareQuality.  Continue Reading

• Developing secure .NET applications

  There's no denying the importance of incorporating security at the application level. While some issues are similar across platforms, .NET developers face their own challenges. The resources here will help you understand the basics of .NET ...  Continue Reading

• SAP application security learning guide

  If you're like most IT professionals, security is at the forefront of your concerns. Learn best practices for SAP security and applications security in this learning guide from SearchSAP.com and SearchAppSecurity.com.  Continue Reading

• Top 10 Web application security vulnerabilities

  Based on the Open Web Application Security Project's top 10 project, this guide covers the 10 most critical Web application security vulnerabilities and how to protect your applications.  Continue Reading