
StickyMinds.com: brain food for building better software


SecurityZone
Show Some Respect to Cross-Site Scripting

James Bond, Mr. Creosote, and Don Corleone are just some of the personas Bryan Sullivan uses for security vulnerabilities. In this week's column, Bryan pays homage to the one vulnerability that gets the least respect, cross-site scripting (XSS), and calls it the Rodney Dangerfield of vulnerabilities. The problem is that XSS vulnerabilities are...
In The Spotlight
The Top 10 hacks that will be launched against your code!
We often think we have developed and tested our applications for security, but in reality most application attacks take advantage of code defects that development and QA teams don't find. Hackers use various techniques leveraging code weaknesses, mis-configurations and web server vulnerabilities to obtain full access and steal your most sensitive information. Download this free white paper and learn how hackers develop and launch these application attacks. Download this complimentary white paper from HP.

From the Conference Archives

Software Security Testing: It's Not Just for Functions Anymore
By Gary McGraw

Security testing comes in two flavors and involves standard functional security testing (making sure that the security apparatus works as advertised), as well as risk-based testing (malicious testing that simulates attacks). Risk-based security testing should be driven by architectural risk analysis, abuse and misuse cases, and attack patterns. Unfortunately, first generation "application security" testing misses the mark on all fronts. That's because canned black-box probes—at best—can show you that things are broken, but say very little about the total security posture. Read Gary McGraw's presentation outline to learn what software security testing should look like, what kinds of knowledge testers must have to carry out such testing, and what the results may say about security.
Featured Book
The Security Development Lifecycle

Mark J. Christensen, Richard Thayer

Pages: 352   Published: 2006

Description: The software industry has been struggling with how to create and release software that is more security-enhanced and reliable--the Security Development Lifecycle (SDL)...

Featured Tool
SQL Data Generator
Vendor: Red Gate Software Ltd.
Description: SQL Data Generator populates MS SQL Server databases with realistic...

Featured Content
A Critical Line of Defense
By Herbert H. Thompson
Tackle software vulnerabilities at the root--in the applications






© 2008 StickyMinds.com. All rights reserved.
StickyMinds.com is a division of Software Quality Engineering.

