Software Security Testing Tools
Top Stories
-
Tip
29 Oct 2021
Follow these database testing basics for better data
Data is typically a company's most valuable asset. The data should be treated as such, with vigorous, almost constant testing, regardless of its location. Continue Reading
-
News
19 Dec 2019
Azure confidential computing, AWS aim to better secure cloud data
Microsoft's confidential computing for Kubernetes and AWS' upcoming Nitro Enclaves both aim to give IT pros ways to create isolated compute environments for sensitive data. Continue Reading
-
News
01 Nov 2019
Atlassian CISO Adrian Ludwig shares DevOps security outlook
Atlassian's CISO believes that eventually, application security mechanisms will be absorbed completely into Agile and DevOps tools -- including his own company's products. Continue Reading
-
Tip
30 Sep 2019
Implement a DevSecOps pipeline to boost releases' security posture
Break security out of its silo, and get the whole team on board to create a culture of quality with the right tools at the right time -- and stop blindly rushing to release. Continue Reading
-
Tip
06 Feb 2019
How to create a more effective application security program
To mitigate software-related security risks, fine-tune your application security program to get the right people involved, document your standards and manage your weak points. Continue Reading
-
News
09 Nov 2018
Enterprise devs win with Veracode's SaaS security spinout
Independent once again, Veracode will focus on its cloud-based test services that enable developers to add security to the software development lifecycle. Continue Reading
-
News
19 Sep 2018
Sumo Logic breaks security data silos with cloud SIEM
Sumo Logic has added cloud security monitoring features that put security in context with business intelligence analytics. Continue Reading
-
News
13 Jul 2018
IBM blockchain apps starter pack targets developer disparity
With demand high for blockchain development expertise, IBM has delivered a new blockchain-as-a-service offering that helps developers learn the basics of the database ledger. Continue Reading
-
Feature
04 Jun 2018
OSS security requires DIY scrutiny, not trusting 'many eyes'
How many ways can hackers exploit the security flaws in open source? Cybersecurity experts count the ways and the approaches that can prevent costly security breaches. Continue Reading
-
Feature
21 May 2018
Amp up OSS security with these steps
A test vendor's CTO describes the OSS security mistakes that enterprises make, such as not patching vulnerabilities or inaccurate inventory dependencies. Continue Reading
-
Feature
15 May 2018
10 important automated testing best practices to implement
QA and test pros give advice on how to craft software test automation strategies that can speed app deployment. They also share their criteria for choosing automated test tools. Continue Reading
-
Answer
26 Apr 2018
Automated security testing frees devs to prevent breaches
Common software security mistakes include testing at the last minute and not testing open source code and VMs. Expert Matt Heusser suggests ways to avoid these and other missteps. Continue Reading
-
News
18 Apr 2018
Failure to secure open source code spurs DevSecOps boom
A survey of over 2,000 IT pros shows that fear of data breaches is increasing investments in DevSecOps tools, particularly automated security tools and oversight of open source software. Continue Reading
-
Opinion
16 Apr 2018
How a DevSecOps process gives security a voice
Security teams have worked quietly in the background of software quality projects for years. The DevSecOps process puts the long-lost co-worker, security, front and center. Continue Reading
-
Tip
06 Mar 2018
A complete beginner's guide to blending DevOps and security
DevSecOps sounds like a mouthful for those new to DevOps, but building security in from the start is key to DevOps success. Expert Kevin Beaver explains. Continue Reading
-
Tip
20 Feb 2018
A comprehensive beginner's guide to DevOps for developers
Starting DevOps in your organization and not sure where to begin? Cameron McKenzie explains everything a developer needs to know to successfully begin the DevOps process. Continue Reading
-
Feature
15 Mar 2016
Microsoft TFS is here for your QA and test management needs
Microsoft TFS offers organizations test management software, which integrates with Visual Studio to help improve communication when putting together software. Continue Reading
-
Feature
15 Mar 2016
Clover: A code coverage tool that provides meaningful metrics
For organizations looking to augment their software quality assurance testing process, look no further than Atlassian's code coverage tool, Clover. Continue Reading
-
Tip
19 Nov 2014
Five tools to improve embedded software testing efforts
Embedded software testing tools are useful for catching defects during unit, integration and system testing. Here are five such tools that can make testing easier. Continue Reading
-
News
19 Feb 2013
Top ten mobile application threats to enterprise security
Check out the top ten threats presented by enterprise mobile applications, according to the OWASP Mobile Security Project. Continue Reading
-
Tip
30 Mar 2012
Security testing for unvalidated redirects and forwards
Security expert John Overbaugh gives security testers the information they need in order to ensure the Web application code that they’re responsible for is protected. Continue Reading
-
Tip
31 Mar 2011
Application security: Protecting application availability, data confidentiality and integrity
Network security and application security are both important in keeping your applications safe from hackers. In this tip, security engineer John Overbaugh focuses on application security, which is needed to protect the confidentiality, availability and integrity of your application and its data. Learn more about various areas of security that need to be considered when designing secure applications. Continue Reading
-
News
30 Jun 2010
Coverity 5 aims to discover and destroy software bugs
Coverity recently announced the fifth version of its bug tracking, reporting and elimination tool. This new version aids testers with improved usability features and updated tracking, detection and defect deletion metrics. Continue Reading
-
News
12 Jan 2010
Why you don't need to buy a testing tool, except when you do
Software application testing expert explains proper software testing tool selection, what to look for in tools, vendors and customer service, when you need a tool and when you can get by without one. Continue Reading
-
News
18 Aug 2009
Twitter ban on Marines adds to panic
In a surprisingly draconian move, the United States Marine Corps has decided to ban the use of social networking sites Facebook, Myspace and Twitter from all USMC-owned computers due to fears of malware and loss of secret data. This is a setback for this generation of citizen soldiers who were raised on this technology to communicate with friends and family back home. The action is an example of paranoia overtaking security decisions when there are other preventive steps that could be taken. Continue Reading
-
News
18 Aug 2009
Hackers caught in Hannaford, Heartland data breaches
A federal grand jury has indicted a Miami man and two Russian hackers for their involvement in an international scheme to steal more than 130 million credit and debit card numbers from five companies. The indictment alleges the men conspired to conduct the largest credit and debit card data breach ever charged in the United States. Continue Reading
-
News
07 Jul 2009
Adobe ColdFusion websites being compromised
Adobe Systems Inc. is warning users of its ColdFusion application development platform of a vulnerability being actively targeted by attackers to compromise websites. A zero-day vulnerability in the ColdFusion FCKeditor rich text editor enables users to compromise websites and view and edit files, Adobe said in its Adobe Product Security Incident Response Team (PSIRT) blog. The rich text editor is installed with ColdFusion 8. It is also used in earlier versions. A patch is expected to be released next week, Adobe said. Continue Reading
-
News
07 Jul 2009
Attack code targets Microsoft ActiveX zero-day flaw
Security researchers have detected a new drive-by exploit in the wild actively targeting a zero-day vulnerability in an ActiveX component that connects to the Microsoft DirectShow video streaming software. Microsoft issued a security advisory Monday calling the vulnerability in its Video ActiveX Control remotely exploitable with little user interaction when browsing with Internet Explorer. The ActiveX control msvidctl.dll connects to Microsoft DirectShow filters for use in capturing, recording, and playing video. The specific control is used by Windows Media Center to build filter graphs for recording and playing television video. Continue Reading
-
Tip
17 Dec 2007
Cracking passwords the Web application way
Don't make the mistake of thinking your Web site is secure just because it uses SSL. If you don't have proper login controls in place, attackers can crack passwords and get into the application. Continue Reading
-
Answer
23 Oct 2007
Free load and performance testing tools
What is a good choice for a free load testing tool? Expert Dan Cornell offers his advice and explains how to get started with your testing tool. Continue Reading
-
Tip
23 Jun 2007
What to look for in a Web application security testing tool
If you do a lot of Web application security scanning, any testing tool you use must have these features, says security expert Kevin Beaver. They will save you lots of time and effort and will increase the number of valid vulnerabilities found. Continue Reading
-
Tip
13 Feb 2007
I don't want a Web application security product; I want a solution
The number of Web application security products available is enough to make your head spin. A better option is a total solution that handles all of your Web application security needs, says application security expert Anurag Agarwal. Continue Reading