HOME ALL STORIES LATEST NEWS COLUMNS OPINIONS GUEST VIEWS SHORT TAKES LINKAPALOOZA NEWSWIRE SPECIAL REPORTS ZEICHICK'S TAKE SD TIMES 100 BE A NEWSHOUND

IPHONE APP

IPAD APP

RSS FEEDS

FACEBOOK

TWITTER

WHITE PAPERS SPONSORED PROFILES JOB BOARD WEBINAR CENTER FREE SOFTWARE ANDROID NEWSLETTER BIG DATA TECHREPORT ALM SHAREPOINT EVENTS CALENDAR PRINT/PDF EDITION PRINT/PDF BACK ISSUES

SUBSCRIBE TODAY CUSTOMER SERVICE EDITORIAL BEATS GUEST VIEW GUIDE SD TIMES 100 GUIDE EVENTS CALENDAR ADVERTISING ARTICLE REPRINTS REPORT A BUG SITE MAP

ABOUT US BZ MEDIA NEWS NEWS ON MONDAY SPTECHREPORT SPTECHWEB SPTECHCON IPHONE/IPAD DEVCON ANDROID DEVCON PRIVACY POLICY CONTACT US

HOME >> SPECIAL REPORTS

Think like a hacker

By Jeff Feinman

February 15, 2009 — (Page 6 of 6)
IBM Rational’s Weider said that articulating security requirements can be difficult, and rarely are there people with the right skills to define what the requirements should be. He emphasized the importance of security in the design of applications, and said it is important to integrate threat modeling and other types of threat analysis into the design process to ensure that security is captured in the design and architecture.

Additionally, it’s not always easy to have all requirements accepted because there can be many more requirements than can fit into a given cycle, Weider said. This results in a “tug of war” as far as what requirements make it into the process. Because of this, testers need to prioritize security improvements to the application in the same way other software professionals prioritize quality and functional improvements.

“That is the challenge, but I think every year it’s getting a little better as security is becoming more accepted within development,” Weider said. “In the past, it wasn’t something that was well understood, but now as we’ve seen application security becoming one of the main vulnerabilities on the Internet as well as compliance issues, the priority of security in development requirements has been getting steadily better every year.”

Related Search Term(s): professional development, security, testing, IBM, Fortify, Klocwork, Vi Labs

Pages 1 2 3 4 5 6

Share this link: http://sdt.bz/33274

Most Read Latest News Resources

SAP unveils SAP HANA platform innovations for Big Data and spatial processing
Features include smart data access and expanded cloud deployment options

Alteryx raises $12 million to put Big Data analytics in the hands of all business analysts
Quest founder's firm, Toba Capital, selects Alteryx as its first analytics investment

Google I/O kicks off
Developers get new APIs and tools, and the Go language hits version 1.1

Jelastic launches new version of its Java and PHP hosting platform
Jelastic today announced the launch of a new version of its ultra-scalable cloud hosting platform

Telerik adds back-end services to Icenium mobile tool suite
Icenium Everlive makes the suite a complete app development platform, the company says

CollabNet fuses CloudForge, TeamForge
New pricing structure and integration gives developers an enterprise-grade choice for dist...

Eclipse release train for Kepler arrives June 26
New version of Eclipse includes Stardust for business process management, and Orion 3.0 fo...

Google I/O kicks off
Developers get new APIs and tools, and the Go language hits version 1.1

IDC MarketScape: Worldwide Cloud Testing and ASQ SaaS Demand for solutions to test applications on the cloud and for the cloud is rising signifi...

Get to Know the Database Decision Factors What should you look for when choosing a relational database system? This informative arti...

Exploring the Database Forest Today’s database technology landscape is more dynamic and varied than ever before. What’s...

Data Management Resource Guide Today’s data is generated by more than just applications. Data is generated by trillions o...

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Application security, IBM style Jack Danahy, founder of Ounce Labs, discusses acquisitions by IBM and what he sees in the security space

News Briefs: November 15, 2008 Metaforic comes out with a new security product for monitoring networks, ICEsoft and ILOG announce that they are merging their technologies for later releases, and Urbancode adds pre-flight builds for testers to AnthillPro.

IBM acquires security testing company Ounce Labs Ounce's source code analysis software is expected to extend IBM’s application security and compliance products.

Comments

06/23/2009 10:30:01 AM EST

On a related note and for similar content, see our book "The Art of Software Security Testing" published in 2006 http://www.amazon.com/Art-Software-Security-Testing-Identifying/dp/0321304861/ref=ntt_at_ep_dpt_2, for example chapters 1, pg 11 "Think like an Attacker" and chapter 3 "The Secure Software Development Lifecycle"

United StatesElfriede Dustin

Application security, IBM style
Jack Danahy, founder of Ounce Labs, discusses acquisitions by IBM and what he sees in the security space Read More...

News on Monday more>>
Android Developer News more>>
SharePoint Tech Report more>>
Big Data TechReport more>>

Download Current Issue
MAY 2013 PDF ISSUE

Need Back Issues?
DOWNLOAD HERE

Want to subscribe?

HOME SITE MAP CURRENT ISSUE BACK ISSUES SUBSCRIBER SERVICES ABOUT US CONTACT US BZ MEDIA

Think like a hacker

By Jeff Feinman

Related Articles

Comments