Does security have a place at the DevOps table?

Software Development Methodology

  • Can fuzzing identify cross-site scripting (XSS) vulnerabilities?

    Fuzzing may find weaknesses in software, but the testing process can't find every flaw. Ed Skoudis explains what other tools are necessary when looking for cross-site scripting vulnerabilities. 

  • Automated app scanners simplify security

    Application scanning tool vendors are growing in popularity, driven by the growing need to discover exploitable holes in static and dynamic Web code.

  • How to avoid dangling pointers: Tiny programming errors leave serious security vulnerabilities

    For years, many have said that there is no practical way to exploit a dangling pointer, a common application programming error. But these software bugs should no longer be thought of as simple quality-assurance problems. Michael Cobb explains how th... 

  • Will new Sulley framework take fuzzing to next level?

    Pedram Amini, head of TippingPoint's security research group, has been busy with Aaron Portnoy, touting a new tool for functional protocol testing (also known as "black-box testing" or "fuzzing"). He co-wrote the recently released book "Fuzzing: Bru...

  • Can dynamic and static verification secure a platform?

    The best software testing approach is to use a combination of static and dynamic verification tools that continually check for technical and logical vulnerabilities during the development cycle. Expert Michael Cobb examines each testing procedure in ... 

  • Should third-party software tools be used to customize applications?

    Many features and functions required for today's network-ready applications can be purchased at a fraction of the cost that it would take to build them independently. But are they safe enough? Application security expert Michael Cobb explains. 

  • Is a merger or acquisition in Sourcefire's future?

    It's been a busy year for Sourcefire Inc. founder and Chief Technology Officer Martin Roesch, creator of the widely popular Snort open source IDS tool. In November he announced that Sourcefire had filed with the U.S. Securities and Exchange Commissio... 

  • The Art of Software Security Testing

    Read an excerpt from the book, The Art of Software Security Testing: Identifying Software Security Flaws. In Chapter 11, "Local Fault Injection," the authors explain the proper methods for examining file formats. 

  • heuristics

    Heuristics is the application of experience-derived knowledge to a problem and is sometimes used to describe software that screens and filters out messages likely to contain a computer virus or other undesirable content. 

  • Watchfire will help IBM build application security

    Analysts have been pushing the Security 3.0 concept this week at Gartner's IT Security Summit, and one analyst says IBM's acquisition of Watchfire illustrates the trend.