For Security & Risk Professionals

Know Your Code: How Static Analysis Tools Make Applications More Secure

by Chenxi Wang, Ph.D., Andrew Jaquith, November 20, 2009

Many companies, besieged by audit findings and application vulnerabilities, recognize the benefits of eliminating security vulnerabilities early in the software life cycle. For this reason, static analysis technologies for analyzing code-level security . . .

For Security & Risk Professionals

TechRadar™ For SRM Professionals: Application Security, Q3 2009

Application Security Comes Of Age Despite A Slowdown In Security Spend

by Chenxi Wang, Ph.D., July 8, 2009

As application-level exploits continue to generate headline news, security professionals increasingly look to application security measures to protect their organizations. To succeed, security professionals must understand the maturity of the various . . .

For Security & Risk Professionals

Inquiry Spotlight: Application Security, Q4 2008

by Chenxi Wang, Ph.D., October 17, 2008

The issue of application security is increasingly important for security professionals in today's ever-evolving application vulnerability landscape. But Forrester's data shows a clear disconnect between perceived importance of application security and . . .

For Application Development & Program Management Professionals

HP And IBM Try To Pull Security Testing Into The Mainstream

by Chenxi Wang, Ph.D., September 21, 2007

Recently, two major platform vendors announced acquisitions of security testing vendors: IBM announced its intent to acquire Watchfire on June 6, 2007, and HP announced its intent to acquire SPI Dynamics on June 19, 2007. In both cases, the platform vendors . . .

Trends 2006: Application Security Testing

Security Is A Component Of Quality, So QA Should Perform Security Testing

by Michael Gavin, January 24, 2006

Awareness of software security issues gained some traction in 2005, and the new wisdom is for enterprises to test applications for security in addition to functionality, performance, and usability prior to deployment. If you have never addressed the security . . .

For Application Development & Program Management Professionals

Test Databases Are Vulnerable, Too

Data Masking, Controlled Access, And An Isolated Network Can Minimize Risk

by Noel Yuhanna, March 31, 2005

When it comes to securing private data, all databases — production and nonproduction — should be treated equally. It's the data that counts, not the type of database. Test databases are often replicas of production data, and if they store private data . . .

Code-Signing Certificates Exhibit Major Flaw

by Jonathan Penn, March 28, 2001

Unfortunately, this event is going to give a black eye to the entire PKI market. It reveals one of the PKI industry's dirty little secrets: certificate validation is an aspect of trust management that is often overlooked and not implemented.

Best Practices in Security: Make Sure Source Code Matches Corresponding Load Modules

by Phil Rosch, March 16, 2001

As developers cut corners, reacting to the cost of mainframe computing, worse and worse source code problems have emerged. Recertifying source code is a good way to secure the integrity of the production environment.