Security

Articles

The Case for Ethics in Software Testing

Analyzing a software project's ethical ramifications is as much a part of testing as analyzing a program for likely failures. As a tester and a philosopher, Rick Scott asks you to consider what ethical responsibilities testers have and to reflect on what a tester's code of ethics might look like.

Rick Scott
Software Security: Managing the Attack Surface

We are a gadget-loving society and we love our gadgets to do fun things that keep us entertained or go above and beyond basic functionality. When it comes to our technological wonders, we are attracted by the "cool factor." As Bryan Sullivan notes in this article, unfortunately those bells and whistles come with a price that must be paid for the sake of security.

Bryan Sullivan
More Free Security Tools

Times are tough, but people who want to break your software aren't relaxing and neither should you. In this column, Bryan Sullivan takes a look at some free security tools that can help you to protect your software without breaking the bank.

Bryan Sullivan
Security Testing: What Fresh Hell Is This?

Testing an application or code for security vulnerabilities is downright difficult—sometimes almost impossible. That is why Linda Hayes, a QA expert, is always searching for new tools that can help her test like a security expert. Linda discusses some of the challenges developers, QA analysts, and testers face when trying to ensure that software is secure. She also offers some solutions that simplify security testing.

Linda Hayes
Changing the QA Mindset for Rich Internet Applications

Today's Rich Internet Applications (RIAs) bear about as much resemblance to the early Web sites of the 1990s as today's cars bear to a Model T. While the principle may be the same, the underlying technology is radically different. Yet while safety testing for automobiles has improved significantly in the past hundred years, Web-application testing remains stuck in a 1990s mindset. In this week's column, Bryan Sullivan explains that QA must change its testing approach in order to maintain the security of the code.

Bryan Sullivan
Security Starts with Requirements

Secure software development begins with explicitly addressing security in software requirements. In this week's column, Jason Schmitt explains how security requirements should set expectations of development, which enables quality assurance to plan for and conduct more effective security testing.

Jason Schmitt
Locking Down Wireless

Organizations are feeling the heat regarding application security. Gone are the days when security breaches could be pushed aside or dealt with behind closed doors. Since the beginning of 2005, several security breaches have made front-page news. While it is unclear how many can be blamed on insecure technology, it is obvious that security is quickly becoming an area of great concern.

Brad Arkin
Reducing Your Cost of Quality

How high is your cost of quality? The answer might surprise you. Yes, it includes reviews, the QA infrastructure, and preparing tests. Those are your appraisal costs. But how high are your failure costs (the cost of defects)?

Alan S. Koch
Object Reuse Within the Enterprise: A Report From the Field

Code reuse, and especially object reuse, is not a new topic. Software professionals have been talking about reuse for decades, but somehow true reuse still eludes virtually every organization engaged in software development. Scanning through the literature on reuse, one can find plenty of articles on the benefits of reuse and even quite a few sources on object-oriented design principles that best lead to reuse. What is missing are success stories and practical advice on how to make reuse a reality within your organization. That’s where this article differs.

Maciej Zawadzki
Security Exercise Challenges Many, Stumps Some

Security Innovations is hosting a security tester challenge at several conferences this year. Conference delegates at the recent STAREAST 2004 and RSA events lined up to take a shot at finding the security flaws in a sample Web site built expressly for the challenge. Who won, what was the prize, and where will this challenge be next? Read Pamela Young's review of Security Innovations' Security Challenge to find out.

Pam Young


StickyMinds is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.