Security threats are becoming increasingly more dangerous to consumers and to your organization. Paco Hope provides the latest on static analysis techniques for finding vulnerabilities and the tools you need for performing white-box secure code reviews. He provides guidance on selecting and using source code static analysis and navigation tools. Learn why secure code reviews are imperative and how to implement a secure code review process in terms of tasks, tools, and artifacts. In addition to describing the steps in the static analysis process, Paco explains methods for examining threat boundaries, error handling, and other "hot spots" in software. Find out about the analysis techniques of Attack Resistance Analysis, Ambiguity Analysis, and Underlying Framework Analysis as ways to expose risk and prioritize remediation of insecure code.

• Why secure code reviews are the right approach for finding security defects

When it comes to system and acceptance testing, project teams often end up scrambling for resources, late in the project schedule. The test team must be assembled or expanded, learn the application, and improve their skills before testing begins. When the project ends, the team is downsized or disbanded and its knowledge, skills, and experience are all diminished or lost. David Wong thinks there is a better way-organize skilled individuals into a Testing Center of Excellence (TCOE) to leverage their built-up expertise and application knowledge. A TCOE increases operational efficiencies and provides your organization with one-stop shopping for all testing services. The TCOE is responsible for scheduling test cycles, recruiting and training new staff, and retaining a pool of talented test professionals.

In the software business, poor product design can lead to frustration and wasted time for our customers. Although we can ignore "usability" and "good design" without negatively impacting the initial success of a product, sales and customer satisfaction will suffer in the long run. Usability is a topic that has been discussed at great length, but many of the accepted design conventions either lack explanations of where and how to apply them, or they are entirely untrue. Sanjeev Verma explains how to ignore usability and save valuable time during the design phase of a product and apply it where it really counts-on new feature development. Kendra Yourtee offers proven practices that she has used in her daily routines to improve the usability of products as they are updated. She discusses simple ways to "test" designs against real data before the software is complete.

When the design and the coding are complete, and the product seems ready to ship, it’s hard to understand why testing takes so long. Discover how your source code management system can help you unblock the testing bottleneck.