SoftwareTestPro.com Security Feed

Risk Management IV - A New Hope

matt.heusser@gmail.com — Mon, 06 Aug 2012 18:47:14 -0600

Where Matt talks about a few elements of risk management you may not have considered

Another Software Security Testing Thought...

dan.alloun@intel.com — Thu, 19 Apr 2012 08:00:00 -0600

Yeah!! STPCon Spring 2012 edition is just over, but still plenty of emotions and good stuff to follow up with... It was so great to have this opportunity to share and discuss with other professionals.

Software Security Testing – Are You Committed?

dan.alloun@intel.com — Thu, 09 Feb 2012 11:00:00 -0700

Looking at our products, they're filled with assets to protect; it could be sensitive data, Intellectual Property or critical functionality. Without doubt some mechanisms are already in place to protect them, but how much do you invest in testing the robustness of these mechanisms? Do you know how to evaluate the risk of having any of them unintentionally exposed?

Enterprise Security: Now, More Than Ever

ashwin.palaparthi@gmail.com — Thu, 01 Dec 2011 11:00:00 -0700

Enterprise security primarily comprising of data protection and privacy continues to be an area of focus for enterprises, be it on the production or the non-production side of the entity. Little wonder enterprise security spending remained surprisingly resistant to enterprise budget pressures even during the recent economic mayhem.

Who is Watching Your Test Data?

daven.kruse@gmail.com — Tue, 23 Aug 2011 00:00:00 -0600

Is your project looking for ways to reduce invalid defects, maintain a consistently clean testing environment, and increase the effectiveness of its development resources? Look no further than test data.

Three Project Tips

matt.heusser@gmail.com — Mon, 25 Jul 2011 10:54:27 -0600

Where Matt discussed three different dynamics on software projects -- and what to do about them

Ross Collard - 2011 Luminary Award Winner

rbaucom@redwoodcollaborative.com — Tue, 19 Jul 2011 13:00:00 -0600

Ross Collard has been called a “Jedi master” by the founding President of the Association for Software Testing. Other unsolicited statements call him a “giant of the field” with a “great wealth of knowledge”, and a “moral and intellectual thought leader”.

Security Testing – Web App – Some Tips For Newbies

st@moolya.com — Tue, 05 Jul 2011 11:00:00 -0600

If you’re interested in security testing web applications, these tips will help a non-security tester to consider some techniques to get started. The world of security testing is perhaps the most important, yet it’s often the most neglected aspect to testing. A lack of security testing opens an organization to business risks and could have severe implications to the financial future of a company. If you haven’t made security testing part of your repertoire, consider integrating it today into your regular test suite.

Day 3 - STPCon 2010 Final Day

rbaucom@redwoodcollaborative.com — Thu, 21 Oct 2010 07:51:00 -0600

This is it, the final day of STPCon 2010 - What do we have planned?

Source of (test) power - II

matt.heusser@gmail.com — Tue, 14 Sep 2010 04:57:05 -0600

Where does power come from?

Cigital Names Peter Esparrago as President

jrovansek@redwoodco.com — Mon, 13 Sep 2010 08:48:58 -0600

DULLES, Va., September 07, 2010-Cigital, Inc., a leading software security consulting firm, today announced the appointment of Peter Esparrago as President. Mr. Esparrago is a global technology executive with over 25 years of experience in a wide variety of industries.

Cigital Releases Groundbreaking Software Security Training for Developers

jrovansek@redwoodco.com — Thu, 12 Aug 2010 14:00:00 -0600

Cigital Releases Groundbreaking Software Security Training for Developers Immediate Feedback Provides Key to Long-Term Change

Quality Vs. Quantity - I

matt.heusser@gmail.com — Tue, 13 Jul 2010 00:02:32 -0600

If culture is defined as things we believe that we aren't even aware of about how the world works, then when it comes to how to make decisions, there is a sort of culture war going on in the hearts of people all over the world. Matt Heusser wants to talk about why he chose a road less travelled.

Security Matters

matt.heusser@gmail.com — Tue, 22 Jun 2010 05:00:48 -0600

If you run your business on the web, then exposing all of your customer's data is just a security bug away

Security Tools Must Support An Existing Process Not Define a New One

dkosorok@ldschurch.org — Thu, 03 Jun 2010 10:04:44 -0600

Trying to introduce Security Testing into your software process can be tricky, just like teaching an old dog new tricks. A good first step would be to introduce a great security tool into an existing process. For example, introduce static source code analysis by adding it to the end of your automated build process. The initial ramp up cost is low, the change in process churn is low, but the value can be very high.

Oh the Irony!

matt.heusser@gmail.com — Tue, 30 Mar 2010 13:30:36 -0600

So last week I wrote an article for SearchSoftwareQuality on Quick Attacks for Web Security.

TQA- Review “The Definitive Guide to Quality Application Delivery” by Don Jones an e-book.

rhand@softwaretestpro.com — Tue, 30 Mar 2010 07:00:00 -0600

If you are part of the STP community you have received the opportunity to download a new e-book, “The Definitive Guide to Quality Application Delivery” by Don Jones sponsored by Micro Focus. This guide is an extremely comprehensive effort, and I have been finding it very helpful in my education about the role of testing in the Software Development Life Cycle. As a quality/testing professional you may find it interesting for different reasons but I thought I would share some thoughts and try to encourage you to take advantage of this complimentary resource from STP on behalf of the book’s sponsor Micro Focus.

This book is a complete guide so I can’t share it all but I chose some excerpts that I found interesting. The book is over 200 pages jammed packed with great resources for the testing professional and all functional roles in the development of quality applications. Don Jones does a great job organizing …

Don't Leave Security for Last

cec1e62c6abde98@stpcollab.com — Wed, 03 Mar 2010 08:00:00 -0700

At the peak of the dot-com boom, my firm consulted extensively for large organizations concerned about the risks of Internet-based applications. My experience with one client in particular—we’ll call it Company X to protect its identity—remains the most palpable argument for integrating security throughout the software lifecycle.

Of Security, Finance and Other Practical Matters

rcollar@attglobal.net — Mon, 01 Mar 2010 08:00:00 -0700

As guest editor for this issue of STP, I was asked to select the theme and to recommend authors. My theme can be summarized as “topics that intrigue me this month,” which (I claim) is more an enlightened than a haphazard assortment. I am proud to bring you some of the best new thinking in software security, financial software testing, practical experiences in performance testing, and testing centers of excellence.

Financial Software Testing

bernie@testassured.com — Mon, 01 Mar 2010 08:00:00 -0700

Wall Street crises and other market madness intensify the pressure to improve transparency, speed and accuracy.

The Potential of Load Testing in the Cloud

amuns@stpcollaborative.com — Mon, 01 Feb 2010 08:00:00 -0700

Andrew Muns sits down with Tom Lounibos, the CEO of SOASTA

Testing Web 2.0 Apps

matt.heusser@gmail.com — Wed, 06 Jan 2010 11:44:50 -0700

I did at talk at STPCon this year on Testing Web 2.

The Power of 10

Thu, 01 Oct 2009 07:00:00 -0600

In life-critical software, undiscovered bugs can be fatal. These simple rules can improve the quality and reliability of any application.

Use Case, Schmoose Case

224@stpcollab.com — Tue, 15 Sep 2009 07:00:00 -0600

Someone failed to account for indecision, and it ruined a perfectly good TV experience. OK, no one died, but when a test team assumes that users know precisely what they want, they might be missing revenues from flip-flopping potential customers

Static, Dynamic Analysis: Separate Cooperation

joel@joelshore.com — Fri, 01 May 2009 07:00:00 -0600

Static and dynamic analysis—they run separately but work together.