News, analysis and technical advice about securing applications and Web services.
Secure Code: Why buffer overflows still matter
To secure code, software pros test for buffer overflows -- even though these flaws occur only in nonmemory-managed languages such as C and C++.
A five-step plan to capturing better application requirements
Defining software application requirements at a project's outset is still an issue. Learn how to build better application requirements.
Security testing basics: QA professionals take the lead
QA professionals should take the lead on security testing basics. Their big-picture view of an application helps them find and protect valuable data.
Hiring tips: How to pick software pros without making mistakes
Management expert Johanna Rothman offers tips on hiring software pros: The key to finding candidates that fit is asking better interview questions.
Mobile 2013: Fusion apps better for business
In 2013, multilayered fusion apps will combine data from multiple sources, creating new business opportunities for companies that develop them.
Health care applications: How to determine what to test
Risk analysis for health care software apps helps clarify which functional areas are most important to test. Catching critical defects can save lives.
BYOD policies pose mobile app testing challenges
How do you meet mobile app testing challenges without the right mix of smartphones and other devices on hand?
Knowledge transfer plan: Now is a good time to get one
The best time to implement a knowledge transfer plan is continually. Cross-training is a best practice for all projects and project managers.
Can security support help developers write code?
At best, development frameworks support the creation of secure code. They do not, however, prevent the creation of insecure code.
Agile planning: Focus on average time over many iterations
When it comes to Agile planning, average time over many iterations is a more important metric than individual story estimates.
Application security plan: Who is responsible for testing?
Step one in devising an application security plan is determining whether the development team or the security group is responsible for testing.
Scrum team commitments: More harm than good
Most inexperienced Scrum teams overcommit on what they will deliver, and when. Agile leader Lisa Crispin says that does more harm than good.
Project management skills: Earn the technical respect of the team
Your project management skills won't take you far if you can't earn the technical respect of developers and testers on your IT team.
Release manager on software rollout: Let business goals drive code changes
An experienced release manager offers advice on software rollouts: Let business goals and tight controls drive code changes.
Software testing trends 2012: Business alignment, not bug fixes
Chief among the software testing trends of the past year was a focus on business alignment over bug fixes.
Managing mergers: Test professional best practices
QA lead Gerie Owen offers firsthand advice for test professionals on managing mergers.
Cloud ALM: How to plan your project
Advice for cloud ALM projects: make sure that your test sandboxes cannot access production databases or other resources.
Finding more defects with Agile exploratory testing
Agile exploratory testing can help teams discover more defects, allowing everyone on the team to explore all the ways a customer can use the application.
Social media surveys: A tool for better requirements?
Social media surveys make it easier to conduct conversations with experts to help define requirements for software development projects.
Meritocracy: Retaining software developers
Meritocracy -- not salary -- is the key to holding on to your best software developers, according to IT hiring experts.