Conference Presentations

Preventing Security Breaches at the Source

Security is a complex and often overwhelming issue. You cannot rely solely on trying to prevent hackers from entering your systems. Instead, you must ensure that the system safeguards itself if a hacker does break in. Three of the most common internal software weaknesses hackers exploit are dangerously constructed SQL, buffer overflows, and runtime exceptions that are not properly handled. Although testing existing code for these defects can help, it is not foolproof. You also need to make a concerted effort to prevent security vulnerabilities from being introduced as the team is writing code. Through the application of practices such as static analysis, dynamic analysis, unit testing, and runtime error detection, you can jump-start your security efforts and keep the hackers at bay.

  • The most common internal software weaknesses that hackers exploit
Sergei Sokolov, ParaSoft Corporation
Go on Offense: Prevent Web Application Security Breaches

You must successfully test your browser-based applications before hackers do the job for you! Whether you have to worry about critical business applications or government compliance issues like HIPAA (Health Insurance Portability and Accountability Act of 1996) or GLBA (Financial Services Modernization Act of 1999), security failures can cost your organization big dollars, unnecessary embarrassment, or both. Hackers have gone beyond simple exploits of open IP ports and standard applications such as Telnet, FTP, and Sendmail, turning their attention to commercial and custom Web applications. To thwart the hackers, test engineers must focus their efforts on common and uncommon security vulnerabilities within the application, including SQL injection, session hijacking, cross-site scripting, and more.

Dennis Hurst, SPI Dynamics Inc
Questions to Ask a Software Vendor about Security (and Verify) before Purchase

How do you choose which software vendor's product to buy? For a long time, CRM packages, ERP systems, and other commercial software selection criteria have come down to factors such as performance, compatibility, reputation of the vendor, support, and price. Security, though, has become a looming factor in the total cost of ownership and the risk of selecting one software product over another. Ed Adams describes the tough questions you need to ask vendors about security and how to extract critical information from them. Find out the steps to verify that their statements are accurate and their answers complete. With an approach for quantifying security risk before purchase, your organization will make more informed acquisition decisions.

  • A security assessment approach for purchased software packages
  • Quantifying security risk in software packages before purchase
Ed Adams, Security Innovation LLC
End to End Security: Building Products Right

How do you build a product that is secure? Why are some products inherently more secure than others? Join Richard Ford as he shares his experiences, both building products and teaching other developers how to think about security. All too often, computer security is the last thing considered when building a new product; that is, security is relegated to a "bolt on" ... something to be added to the product before it can be shipped. You will see demonstrations of security flaws that illustrate why security should be considered at every stage in the product process, from initial idea to golden master… and beyond. Learn to think about security holistically and take away a checklist of issues to consider at every step in the product lifecycle. Finally, gain insight into ways of building a development culture that is security aware and maintaining an efficient but secure corporate culture.

Richard Ford, Florida Institute of Technology
The Enemy Within

Not all threats come from outsiders. In an era of downsizing, layoffs, and pay cuts, sometimes it's your own disgruntled employees (or ex-employees) who are targeting you. Get some tips to help you protect your software from sabotage.

Clarke Ching
Damage Control

Turn to The Last Word, where software professionals who care about quality give you their opinions on hot topics. This month, read why perhaps software should come equipped with seat belts and an air bag.

Eric Rescorla
A Killer Bug for the New Millennium

We're pleased to bring you technical editors who are well respected in their fields. Get their take on everything that relates to the industry, technically speaking. In this issue, find out why our guest editor thinks he's found the bug that will once again bring testers to the forefront—a bug that dwarfs Y2K and could put big, rich software companies out of business.

James Whittaker
Case Your Own Joint

Hackers are going to probe your system looking for weak spots and holes. What will they find? Learn how to uncover your own security vulnerabilities before the bad guys do.

Chris Wysopal
Warning: Security Storm Brewing

For too long now, consumers have been bailing, patching, and plugging their software each time a new security hole is discovered. And they've been absorbing the damage done by the leaks. A wave of security-conscious buyers is rising, demanding software that is sound and secure by design. Are you ready to give it to them? Find out why you should be.

Herbert H. Thompson
Preventing Web Service Security Breaches

Because Web services are especially vulnerable to security breaches, verifying the integrity of Web services is critical to successful deployment. By adopting specific white-box testing techniques at the unit and system level, testers can better ensure the security and dependability of the Web services application their company produces. Learn what you can do to test Web services for conditions and input data that are not expected and fix security problems before they harm your organization.

  • Find security problems with specific white-box test techniques
  • Ensure proper functionality, interoperability, and security of Web services
  • Web services testing issues for developers and QA testers
Gary Brunell, ParaSoft Corporation

AgileConnection is a TechWell community.