Software Security Test Best Practices

Top Stories

  • News 01 Nov 2019

    Atlassian CISO Adrian Ludwig shares DevOps security outlook

    Atlassian's CISO believes that eventually, application security mechanisms will be absorbed completely into Agile and DevOps tools -- including his own company's products. Continue Reading

  • Tip 30 Sep 2019

    Implement a DevSecOps pipeline to boost releases' security posture

    Break security out of its silo, and get the whole team on board to create a culture of quality with the right tools at the right time -- and stop blindly rushing to release. Continue Reading

  • Podcast 26 Sep 2019

    Why DevOps underscores the importance of software testing

    There's no debating the importance of software testing. But QA should be everyone's responsibility. In this podcast, learn how to follow a team-wide approach to quality. Continue Reading

  • Tip 26 Mar 2019

    Secure open source components to bypass breaches

    As enterprises increasingly turn to open source code to cut dev efforts and costs, IT industry vendors recommend that they secure dependencies and deploy patches to safeguard apps. Continue Reading

  • Tip 13 Mar 2019

    How to implement a winning interoperability testing strategy

    From security to data transfers, network complexity and testing environments, development teams have a lot to address to perform effective interoperability tests. Continue Reading

  • Photo Story 12 Dec 2018

    5 software development trends propel innovation in 2019

    Get ready to jettison your comfort zone and dive into shift-right testing, IoT development and other emerging skill and coverage areas for software developers and testers. Continue Reading

  • Feature 12 Oct 2018

    Make your pitch for chaos engineering practices

    Is your QA team ready for chaos engineering? Find out how to prep staff for resilience engineering and why you should avoid that 'chaotic' name altogether. Continue Reading

  • News 14 Sep 2018

    Mature DevSecOps orgs refine developer security skills training

    Some advanced organizations tackle DevSecOps with automated security for CI/CD pipelines and infrastructure, and will complete the picture with developer security skills training. Continue Reading

  • Answer 30 Aug 2018

    What are the top software testing methodologies?

    Whether you want to discover new software testing methodologies or rejuvenate test cases, QA is all about efficiency. Evaluate these testing techniques and strategies to meet QA goals. Continue Reading

  • Feature 04 Jun 2018

    OSS security requires DIY scrutiny, not trusting 'many eyes'

    How many ways can hackers exploit the security flaws in open source? Cybersecurity experts count the ways and the approaches that can prevent costly security breaches. Continue Reading

  • Feature 21 May 2018

    Amp up OSS security with these steps

    A test vendor's CTO describes the OSS security mistakes that enterprises make, such as not patching vulnerabilities or inaccurate inventory dependencies. Continue Reading

  • Feature 15 May 2018

    10 important automated testing best practices to implement

    QA and test pros give advice on how to craft software test automation strategies that can speed app deployment. They also share their criteria for choosing automated test tools. Continue Reading

  • Answer 26 Apr 2018

    Automated security testing frees devs to prevent breaches

    Common software security mistakes include testing at the last minute and not testing open source code and VMs. Expert Matt Heusser suggests ways to avoid these and other missteps. Continue Reading

  • News 18 Apr 2018

    Failure to secure open source code spurs DevSecOps boom

    A survey of over 2,000 IT pros shows that fear of data breaches is increasing investments in DevSecOps tools, particularly automated security tools and oversight of open source software. Continue Reading

  • Feature 15 Mar 2016

    Microsoft TFS is here for your QA and test management needs

    Microsoft TFS offers organizations test management software, which integrates with Visual Studio to help improve communication when putting together software. Continue Reading

  • Feature 15 Mar 2016

    Clover: A code coverage tool that provides meaningful metrics

    For organizations looking to augment their software quality assurance testing process, look no further than Atlassian's code coverage tool, Clover. Continue Reading

  • Answer 05 Feb 2015

    Does a tester actually need test cases?

    Discover whether or not test cases are necessary in this expert answer by consultant Robin Goldsmith. Continue Reading

  • Tip 19 Nov 2014

    Five tools to improve embedded software testing efforts

    Embedded software testing tools are useful for catching defects during unit, integration and system testing. Here are five such tools that can make testing easier. Continue Reading

  • Video 08 Mar 2013

    What's ailing enterprise software security management?

    Enterprise application security testing means not only finding security vulnerabilities, but tracking them down and putting an end to them. Continue Reading

  • News 19 Feb 2013

    Top ten mobile application threats to enterprise security

    Check out the top ten threats presented by enterprise mobile applications, according to the OWASP Mobile Security Project. Continue Reading

  • Tip 30 Mar 2012

    Security testing for unvalidated redirects and forwards

    Security expert John Overbaugh gives security testers the information they need in order to ensure the Web application code that they’re responsible for is protected. Continue Reading

  • Tip 31 Mar 2011

    Application security: Protecting application availability, data confidentiality and integrity

    Network security and application security are both important in keeping your applications safe from hackers. In this tip, security engineer John Overbaugh focuses on application security, which is needed to protect the confidentiality, availability and integrity of your application and its data. Learn more about various areas of security that need to be considered when designing secure applications. Continue Reading

  • Tip 09 Feb 2010

    Why use POST vs. GET to keep applications secure

    Although POST and GET HTTP requests essentially perform the same command on a Web server, a security expert says there are inherent dangers in using one over the other. Learn why one type of processing request provides more security for your Web application in this expert tip. Continue Reading

  • News 02 Dec 2009

    Using firewalls for software testing: Pros and cons

    Network firewalls, what are the pros and cons? Software expert chimes in on how firewalls protect valued data and deter unwwanted people from gaining access to applications. Continue Reading

  • News 03 Nov 2009

    Web application security best practices: Tips on implementation

    In this video, Hugh Thompson, founder of People Security, discusses Web application security best practices and strategies. Continue Reading

  • News 30 Sep 2009

    SMS attacks against BlackBerry certificate-handling flaw possible

    Research In Motion (RIM) warns that SMS attacks targeting BlackBerry users could take advantage of a certificate-handling flaw, tricking users into visiting an attack website. Continue Reading

  • News 18 Aug 2009

    Hackers caught in Hannaford, Heartland data breaches

    A federal grand jury has indicted a Miami man and two Russian hackers for their involvement in an international scheme to steal more than 130 million credit and debit card numbers from five companies. The indictment alleges the men conspired to conduct the largest credit and debit card data breach ever charged in the United States. Continue Reading

  • News 18 Aug 2009

    Twitter ban on Marines adds to panic

    In a surprisingly draconian move, the United States Marine Corps has decided to ban the use of social networking sites Facebook, Myspace and Twitter from all USMC-owned computers due to fears of malware and loss of secret data. This is a setback for this generation of citizen soldiers who were raised on this technology to communicate with friends and family back home. The action is an example of paranoia overtaking security decisions when there are other preventive steps that could be taken. Continue Reading

  • News 07 Jul 2009

    Adobe ColdFusion websites being compromised

    Adobe Systems Inc. is warning users of its ColdFusion application development platform of a vulnerability being actively targeted by attackers to compromise websites. A zero-day vulnerability in theColdFusion FCKeditor rich text editor enables users to compromise websites and view and edit files, Adobe said in its Adobe Product Security Incident Response Team (PSIRT) blog. The rich text editor is installed with ColdFusion 8. It is also used in earlier versions. A patch is expected to be released next week, Adobe said. Continue Reading

  • News 07 Jul 2009

    Attack code targets Microsoft ActiveX zero-day flaw

    Security researchers have detected a new drive-by exploit in the wild actively targeting a zero-day vulnerability in an ActiveX component that connects to the Microsoft DirectShow video streaming software. Microsoft issued a security advisory Monday calling the vulnerability in its Video ActiveX Control remotely exploitable with little user interaction when browsing with Internet Explorer. The ActiveX control msvidctl.dll connects to Microsoft DirectShow filters for use in capturing, recording, and playing video. The specific control is used by Windows Media Center to build filter graphs for recording and playing television video. Continue Reading

  • Tip 03 Feb 2009

    Web application security testing checklist

    Testing your Web application security is something that needs be taken seriously. The best way to be successful is to prepare in advance and know what to look for. Here's an essential elements checklist to help you get the most out of your Web application security testing. Continue Reading

  • Tip 18 Dec 2007

    How to define the scope of functional security testing

    With a many internal threats originating from applications, functional security testing is one of the most reliable ways to identify internal security vulnerabilities. Continue Reading

  • Tip 17 Dec 2007

    Cracking passwords the Web application way

    Don't make the mistake of thinking your Web site is secure just because it uses SSL. If you don't have proper login controls in place, attackers can crack passwords and get into the application. Continue Reading

  • Tip 20 Jun 2007

    How to test Web site login security

    Input validation is critical for the security of Web sites. Here's a techniques you can use to make sure your site isn't vulnerable to SQL injection. Continue Reading

  • Tip 13 Feb 2007

    I don't want a Web application security product; I want a solution

    The number of Web application security products available is enough to make your head spin. A better option is a total solution that handles all of your Web application security needs, says application security expert Anurag Agarwal. Continue Reading

  • News 02 Mar 2006

    Watchfire reports big picture on potential Web flaws

    Watchfire has readied a new edition of its security offering, aimed at teams that need to test many Web applications simultaneously. Continue Reading

  • News 13 Feb 2006

    Effects of domain hijacking can linger

    Malicious hackers who are able to hijack an organization's Web domain may be able to steal traffic from the legitimate Web site long after the domain has been restored to its owner, according to a recent report from the Web Application Security Consortium. Continue Reading

  • News 10 Jan 2006

    Digging into the Mercury-Systinet deal

    Columnist Phil Wainewright asks "Why did Systinet sell to Mercury?" Continue Reading

  • News 09 Jan 2006

    Mercury buys Systinet

    Mercury Interactive Corp. has agreed to buy SOA registry vendor Systinet Corp. for $105 million in cash. Continue Reading

  • News 05 Jan 2006

    CA gets Wily

    Computer Associates today purchased application management vendor Wily Technologies for $375 million in cash. Continue Reading

  • News 10 Oct 2005

    Mercury offers change time management

    Mercury Interactive will unveil its newest management suite this week, focusing on the change time management that will become a bigger issue as companies create and deploy a greater number of Web services. Continue Reading

  • News 18 Aug 2005

    Intel picks up XML networking play

    With its acquisition today of Sarvega, chipmaker Intel expands into the realm of XML and Web services performance optimization, adding a portfolio of products designed to accelerate the processing of XML workloads, increase network and XML firewall security, and reduce system management overhead. Continue Reading

  • News 06 Jul 2005

    WSDM roadmap laid out in Chicago

    At the Global Grid Forum executives from IBM, Hewlett-Packard and Computer Associates laid out their vision for the Web Services Distributed Management specificaiton. They agreed that WSDM would eventually lead to a point where Web services can be used to access and control enterprise IT management tools, bringing business management and operations into alignment. Continue Reading

  • News 07 Jun 2005

    ASG unveils starter kit for metadata management

    Allen Systems Group this week unveiled a SOA Starter Kit comprised of a metadata repository which recognizes an array of programming, command, middleware and database management systems, in both legacy and distributed environments. Continue Reading

  • News 07 Jun 2005

    Governance bridges management, IT gap

    Practical experience of service-oriented design and development is driving one critical requirement to the top of the agenda: the need for strong governance over developers. Continue Reading

  • News 06 Jun 2005

    Kenai Systems addresses development time testing

    eXamineXT, the latest testing tool from Web services security specialist Kenai systems, supports 20 different security vulnerability test cases out of the box. With the XT tool, developers can pick a vulnerability from a menu, import the WSDL and the tests are automatically generated. Continue Reading

  • News 26 May 2005

    Smart controls add logical approach to SOA

    Logic Library, provider of software development asset tools, this week unveiled Logidex 3.6. The latest release comes with a Smart Controls feature that makes it possible for organizations to govern the production process for reusable components, Web services and other software development assets within an SOA. Continue Reading

  • News 05 May 2005

    WSUnit 1.0, Web services testing tool, released

    WSUnit 1.0 provides automated and manual testing of Web Service consumers and provides a predictable and repeatable simulation of a Web Service that is ideal for unit and integration testing. Continue Reading

  • News 14 Apr 2005

    ESB, the missing link for SOA management

    While Web services, XML and a growing list of interoperability standards are providing the groundwork for service-oriented architectures (SOAs), the Enterprise Service Bus is emerging as the management layer needed to tie an SOA together, providing a cohesive, "virtual view" of everything from legacy systems, to Web services. Continue Reading

  • News 13 Apr 2005

    WebLayers provides governance for DoD

    A Department of Defense (DoD) agency has chosen the WebLayers Center, a product of governance software vendor WebLayers Inc., to provide governance and compliance for its XML, Web services and service-oriented architecture systems. The DoD will use the product to govern distributed UDDI registries to ensure that all published XML artifacts comply with the DoD enterprise policies. Continue Reading

  • News 24 Mar 2005

    WebLayers unveils SOA governance tool

    Weblayers recently unveiled a new tool to help companies effectively govern and ensure interoperability in SOA deployments. WebLayers Center 2.0, which focuses on the design and development process, provides governance policies for auditing and conformance; it also provides active enforcement through an SOA management console. Continue Reading

  • News 23 Mar 2005

    Infravio to manage mainframe Web services

    Infravio, a provider of Web services management software, allied with mainframe integration vendor GT Software on Monday. A new, integrated product offering will allow customers to use Infravio's Web services management suite to manage GT Software's Ivory mainframe-generated Web services. Continue Reading

  • News 23 Mar 2005

    nLayers gives SOAs more InSight

    Management appliance vendor nLayers last week announced improvements to its InSight product, including automatic application and infrastructure discovery. The updates to Insight 3.0 take a federated approach to the common configuration management database, allowing it to access system management repositories. Continue Reading

  • News 23 Mar 2005

    Web services 'Grind' under load testing

    In this tutorial, Jim Alateras examines Grinder, a load test framework for Web services. Using JUnit test cases and test scripts written in the Jython scripting language, he demonstrates how to load test a Web service on Grinder. Continue Reading

  • News 16 Mar 2005

    IBM harnesses Web services standard for BPM

    IBM is working to align and integrate Common Base Events (CBE) into its business process management capabilities. CBE, a component of the recently ratified Web Services Distributed Management standard, provides a common way of representing log information from different systems to make it easier to locate and isolate a business process problem. Continue Reading

  • News 16 Mar 2005

    WebLayers provides SOA governance to developers, CIOs

    WebLayers launched on Tuesday its WebLayers Center Version 2.0. The product suite includes enterprise-wide policy definition, configuration and management. It also features governance capabilities through active dashboards, which provide up-to-date compliance information and impact analysis reports Continue Reading

  • News 15 Mar 2005

    Tracking a SOA's movements

    In this article, David Linthicum examines various techniques for logging events and messages exchanged in a service-oriented architecture. He examines simple logging to track information flows and more sophisticated techniques such as message warehousing which can track the state for long-term, durable business transactions. Continue Reading

  • News 10 Mar 2005

    OASIS standardizes Web services management

    OASIS on Wednesday approved the Web Services Distributed Management (WSDM) specification as a standard. WSDM enables management applications to be built using Web services, allowing resources to be controlled by many managers through a single interface. Continue Reading

  • News 22 Feb 2005

    SOA management market to reach $200 million in 2005

    Reflecting on the recent results of a SOA management market survey , Phil Wainewright of Loosely Coupled predicts the SOA management market to reach close to $200 million in 2005. The report found that most early SOA production projects have been entrusted to small, specialist firms such as Actional, Amberpoint and Digital evolution, but the report also predicts that BEA, HP and IBM will make a big impact on the SOA management market once they release products in this space. Continue Reading

  • News 15 Jul 2004

    Eclipse plans new testing platform

    The Eclipse Foundation is expected to announce a project at LinuxWorld to develop an open source tools testing platform, which is an infrastructure where test and performance tools can be built. Intel, SAP, Compuware and others are involved. Continue Reading

  • News 24 Feb 2004

    New VMware server trims app-testing cycle

    Virtual machine vendor VMware's new GSX server stops server sprawl in Linux and Windows shops and has features that cut down application-testing times. Continue Reading

  • News 03 Dec 2003

    Simple strategies for securing and monitoring WS

    There are some relatively simple steps that organizations can take to secure and monitor most of their Web services. One of the easiest is to set up a mutual SSL. However, abuses can still occur, so enterprises also need to deploy a monitoring tool to help them "see" the identity of the clients accessing each of their Web services. Continue Reading

  • News 03 Dec 2003

    OASIS approves UBL 1.0 beta for testing

    The OASIS standards body has released a test version of the Universal Business Language, which is described as a royalty-free library of XML-based e-business documents. Jon Bosak, head of the OASIS panel working on the draft standard, said that UBL 1.0 "is intended to be the starting point for a standard markup language for basic business documents like purchase orders and invoices." Continue Reading

Cloud Computing
App Architecture
ITOperations
TheServerSide.com
SearchAWS
Close