AgileConnection | Agile Software Development Q&A and How-to Advice

Conference Presentations

	Preventing Security Breaches at the Source Security is a complex and often overwhelming issue. You cannot rely solely on trying to prevent hackers from entering your systems. Instead, you must ensure that the system safeguards itself if a hacker does break in. Three of the most common internal software weaknesses hackers exploit are dangerously constructed SQL, buffer overflows, and runtime exceptions that are not properly handled. Although testing existing code for these defects can help, it is not fool proof. You also need to make a concerted effort to prevent security vulnerabilities from being introduced as the team is writing code. Through the application of practices, such as static analysis, dynamic analysis, unit testing, and runtime error detection, you can jumpstart your security efforts and keep the hackers at bay. The most common internal software weaknesses that hackers exploit	Sergei Sokolov, ParaSoft Corporation
	Go on Offense: Prevent Web Application Security Breaches You must successfully test your browser-based applications before hackers do the job for you! Whether you have to worry about critical business applications or government compliance issues like HIPPA (Health Insurance Portability and Accountability Act of 1996) or GLBA (Financial Services Modernization Act of 1999), security failures can cost your organization big dollars, unnecessary embarrassment, or both. Hackers have gone beyond simple exploits of open IP ports and standard applications such as Telnet, FTP, and Sendmail, turning their attention to commercial and custom Web applications. To thwart the hackers, test engineers must focus their efforts on common and uncommon security vulnerabilities within the application, including SQL injections, session hijacking, cross-site scripting, and more.	Dennis Hurst, SPI Dynamics Inc
	Questions to Ask a Software Vendor about Security (and Verify) before Purchase How do you choose which software vendor's product to buy? For a long time, CRM packages, ERP systems, and other commercial software selection criteria have come down to factors such as performance, compatibility, reputation of the vendor, support, and price. Security, though, has become a looming factor in the total cost of ownership and the risk of selecting one software product over another. Ed Adams describes the tough questions you need to ask vendors about security and how to extract critical information from them. Find out the steps to verify that their statements are accurate and their answers complete. With an approach for quantifying security risk before purchase, your organization will make more informed acquisition decisions. A security assessment approach for purchased software packages Quantifying security risk in software packages before purchase	Ed Adams, Security Innovation LLC
	End to End Security: Building Products Right How do you build a product that is secure? Why are some products inherently more secure than others? Join Richard Ford as he shares his experiences, both building products and teaching other developers how to think about security. All too often, computer security is the last thing considered when building a new product; that is, security is relegated to a "bolt on" ... something to be added to the product before it can be shipped. You will see demonstrations of security flaws that illustrate why security should be considered at every stage in the product process, from initial idea to golden master… and beyond. Learn to think about security holistically and take away a checklist of issues to consider at every step in the product lifecycle. Finally, gain insight into ways of building a development culture that is security aware and maintaining an efficient but secure corporate culture.	Richard Ford, Florida Institute of Technology
	The Enemy Within Not all threats come from outsiders. In an era of downsizing, layoffs, and pay cuts, sometimes it's your own disgruntled employees (or ex-employees) who are targeting you. Get some tips to help you protect your software from sabotage.	Clarke Ching December 3, 2004
	Damage Control Turn to The Last Word, where software professionals who care about quality give you their opinions on hot topics. This month, read why perhaps software should come equipped with seat belts and an air bag.	Eric Rescorla December 3, 2004
	A Killer Bug for the New Millenium We're pleased to bring you technical editors who are well respected in their fields. Get their take on everything that relates to the industry, technically speaking. In this issue, find out why our guest editor thinks he's found the bug that will once again bring testers to the forefront—a bug that dwarfs Y2K and could put big, rich software companies out of business.	James Whittaker December 1, 2004
	Case Your Own Joint Hackers are going to probe your system looking for weak spots and holes. What will they find? Learn how to uncover your own security vulnerabilities before the bad guys do.	Chris Wysopal November 30, 2004
	Warning: Security Storm Brewing For too long now, consumers have been bailing, patching, and plugging their software each time a new security hole is discovered. And they've been absorbing the damage done by the leaks. A wave of security-conscious buyers is rising, demanding software that is sound and secure by design. Are you ready to give it to them? Find out why you should be.	Herbert H. Thompson November 30, 2004
	Preventing Web Service Security Breaches Because Web services are especially vulnerable to security breaches, verifying the integrity of Web services is critical to successful deployment. By adopting specific white-box testing techniques at the unit and system level, testers can better ensure the security and dependability of the Web services application their company produces. Learn what you can do to test Web services for conditions and input data that are not expected and fix security problems before they harm your organization. Find security problems with specific white-box test techniques Ensure proper functionality, interoperability, and security of Web services Web services testing issues for developers and QA testers	Gary Brunell, ParaSoft Corporation

Pages

Recommended Web Seminars

May 16	Test Ahead of the Curve: Insights for Developing a Superior Test Coverage
May 23	How Generative AI Boosts Speed and Quality in Software Testing
On Demand	Building Confidence in Your Automation
On Demand	Leveraging Open Source Tools for DevSecOps
On Demand	Five Reasons Why Agile Isn't Working

Featured Resources

Introduction to Containers eGuide | TechWell

Scrum Master Essentials eGuide | TechWell

The Total Economic Impact of Keysight Eggplant Test Automation Software | Keysight

Test Automation eGuide | TechWell

Build vs. Buy: The Hidden Costs of In-House Software Test Automation | Keysight

Visit Our Other Communities

Where configuration management and development professionals go for answers on SCM, ALM, change management, DevOps, tools and more.

The home for software testing and QA professionals—practical advice on test automation, test management, test techniques, and more.

AgileConnection is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.