
Parasoft Resources Center: Application Security

Agile Quality Practices that Save Time

This 12-page eBook aggregates 10 tips for ensuring that each new feature is truly "done"...and defects don't derail your Agile project.

Security Has Landed in the World of Embedded Software Testing   by Jason Schadewald (Product Manager)

Security has finally landed as a hot topic in the world of embedded devices. Two key themes from last week's Design West conference: 1) security is everyone's job and 2) build security in.

Blog

Exposing Your APIs = Opening Your Home to Bears?   by Wayne Ariola (Chief Strategy Officer), Cynthia Dunlop (Lead Technical Writer)

Exposing an API to your application is as risky as installing a doggie door into your house—as a recent incident with a bear aptly illustrates.

Blog

Parasoft API Testing Solution Sheet - 1,029 KB PDF

Learn how Parasoft's API Testing solution simplifies the complex testing that’s vital for secure, reliable, and compliant composite applications.

Data Sheet

Parasoft TV: What's Needed for API Integrity

Learn about the top challenges to API integrity and the strategies and best practices for reducing the risks associated with each challenge.

Video

Parasoft TV: Cloudy with a Chance of Cyber Attacks

Learn about 1) New cloud service technologies that have made software infrastructure more vulnerable. 2) The exorbitant costs of failing to meet security standards. 3) The most effective development testing solution for improving application security.

Video

Java Application Security eKit

In this Java Development Security eKit, you'll gain insight on how to reduce risks of cyber attacks, such as DDoS and SQL injections.

Guide/Kit

Achieving Java Application Security with Parasoft Jtest   by Marek Kucharski (President Parasoft SA, VP of Dev), Arthur Hicken (Evangelist), Adam Trujillo (Technical Writer)

Organizations taking to the cloud must be wary of distributed denial-of-service (DDoS) attacks, SQL injections (SQLi), and other cyber-attacks. In this paper, you'll learn how to build security into your Java application.

White Paper

4 Software Quality Predictions for 2012   by Arthur Hicken (Evangelist), Cynthia Dunlop (Lead Technical Writer)

Read Arthur Hicken's predictions re: SQL injection, cloud quality, component testing, Kindle Fire caching testing.

Blog

Input Validation: Immunity Against Web Attacks   by Arthur Hicken (Evangelist), Cynthia Dunlop (Lead Technical Writer)

Explains how to prevent injection attacks by using input validation and static analysis to build security into your application.

Blog

Foundations of Secure Application Development - 44 KB PDF

Explains why approaching security as a bug-finding exercise is risky and inefficient, and then explains how to make your web sites immune to attacks, including SQL injections, Lizamoon mass injections, and mesh injections.

White Paper

Success with Static Analysis for Security: Why Code Audits Fail, Parasoft White Paper

Explains why and how to apply static analysis tools in the context of a policy-based security process that not only prevents security vulnerabilities, but also focuses on SDLC productivity.

White Paper

Establishing a Continuous Process for PCI DSS Compliance, Parasoft White Paper

Details how Parasoft reduces the time and cost of PCI DSS compliance.

White Paper

Cisco Case Study - 550 KB PDF

To comply with corporate quality and security initiatives, Cisco Systems adopted static analysis, unit testing and code review. Learn how they automated these practices and seamlessly integrated them into their existing processes to deliver compliant code without impeding productivity.

Case Study

MedicAlert Case Study - 554 KB PDF

MedicAlert needed to accelerate its ability to roll out new services in a secure and effective fashion. Learn how they established a process for managing the functional, security, and performance testing challenges associated with their new capabilities and offerings.

Case Study

Security Code Audits: One Size Does Not Fit All, Software Test & Performance - 628 KB PDF

Introduces best practices for applying security static analysis, data flow analysis, penetration testing, and workflow optimization to bake security into the application development process.

Article

Parasoft Secure Application Development Solution Sheet

This solution sheet introduces Parasoft's Secure Application Development solution, which establishes a continuous process that ensures security verification and remediation tasks are not only deployed across every stage of the SDLC, but also ingrained into the team's workflow.

Data Sheet

Static Analysis, Security Failure, Software Test & Performance

Discusses why a policy-based approach is the secret to success with static analysis.

Article

Rethinking Application Security, Artima

For developers to work effectively in a security-conscious environment, addressing security-related coding issues must be integrated in developers' daily workflow.

Article

Building Security into Software with Security Policies & Static Analysis, Java Developer's Journal

Discusses why the most effective security efforts define a policy that details security requirements, then use static analysis to verify that the policy is implemented in the code.

Article

SOA Best Practices - Four Steps to Securing Your Web Services, SOA World Magazine

Details practices for ensuring Web service security throughout the SDLC.

Article

How to Build Secure, Reliable & Compliant Web 2.0 Applications

Learn pragmatic approaches for implementing effective testing and security strategies for Web 2.0 applications.

Video

Security As A Requirements Issue, SD Times

Argues that security is really a requirements issue.

Article

Making Sense of WS-Policy and SAML, SearchSOA.com

Answers the question "If I want to learn about WS-Policy and SAML, where should I start looking?"

Article

Understanding XPath Injection, SearchSoftwareQuality

Answers the question "Can you please explain what an XPath injection is?"

Article

Prevent Application Logic Attacks with Sound App Security Practices, SearchAppSecurity.com

Discusses the rise in attacks on application logic and strategies for preventing them.

Article

How Does WS-Security Relate to Other WS- Standards?, SearchSoftwareQuality

Answers the question "How can you relate WS-Security, WS-Trust, WS-Policy, WS-SecurePolicy and WS-Reliability to one another?"

Article

Distinguishing a Faked XMLHTTP Request from a Real One, SearchSOA.com

Answers the question "How can one make sure an Ajax-enabled Web application is able to tell the difference between a real and a faked XMLHTTP request?"

Article

How to Create Secure Web Applications with Struts, Java Developer's Journal

Focuses on developing secure Web applications with the popular Java framework Struts.

Article

The Importance of WS-Security, SearchSoftwareQuality

Answers the question "What is WS-Security? Why can't I just use SSL?"

Article

Why are Web Services More Vulnerable than Web Apps?, SearchSoftwareQuality

Answers the question "Why are Web services potentially more vulnerable to security problems compared to traditional Web applications?"

Article

XML Security: Preventing XML Bombs, SearchSoftwareQuality

Answers the question "What is an XML bomb and how do I protect my Web service against it?"

Article

Evaluating Web Services Security Readiness through a POC

Learn how to set up and run a Web Services security proof of concept to validate the security readiness of your Web Services early.

Video

Hold the Line Against Application Attacks, Software Test & Performance

Presents the security best practices that should be integrated throughout the SDLC in order to "bake in" application security.

Article

Securing Web Services, Information Systems Security

Examines the threats to web applications and services, then outlines a strategy for preventing them.

Article

Insurance Services Office: QA Experience with Security Solutions

ISO QA manager Maria Conway shares her views on new technology and demonstrates leading edge solutions for ensuring application security, reliability, and compliance.

Video

Reducing Software Security Vulnerabilities through Unit Testing, Military & Aerospace Electronics

Explains how best practices like unit testing and coverage analysis can help prevent buffer overflow security vulnerabilities.

Article

Java Application Security in the Corporate World, Java Developer's Journal

Most developers truly believe that application security is not their concern... but are you ready for the code audit?

Article

Banish Security Blunders with an Error-prevention Process, DevX

Traditionally, application security is an afterthought—we build our apps and try to poke holes in them later. Why not take potential security breaches into account from the very beginning? The Automated Error Prevention Methodology provides a framework you can use to integrate security concerns into your app development right from the start.

Article

Minimizing Weaknesses in TLS, JavaPro

Explains how, by recognizing TLS's weaknesses and considering alternatives such as message layer security, you can ensure that you are implementing the best possible security scheme for your specific needs.

Article

Preventing Web Service Security Breaches with Unit Testing, StickyMinds.com

One effective way for development teams to prevent unexpected inputs is to perform thorough "white-box" testing at the unit level.

Article

Managing Web Service Security Risks, SD Times

Explains how web services' fundamental architecture opens the door for serious security breaches.

Article

Security Issues with SOAP, Crosstalk Journal

Some of the very features that make SOAP attractive, such as its flexibility and its compatibility with HTTP, also provide opportunities for security breaches. This article discusses SOAP security issues and how they can be addressed.

Article

Copyright © 1996-2013 Parasoft