Security testing tools and techniques
Hi,

We would like to do security testing on our current project, which is developed in Java. Can you please share some information about how to start security testing, related websites, tools, techniques and any documents related to it?

Thanks in Advance
Regards

Harish Malvi
ASKED: Dec 10, 2008  6:45 AM GMT
UPDATED: December 17, 2008  9:36:34 PM GMT
45 pts.

Answer Wiki:
Did your project team start out by creating secure code? That's the key to building truly secure applications, according to Ryan Berg, chief scientist for Ounce Labs Inc. In a SearchSoftwareQuality.com on developing secure applications, Berg wrote:

"Developing secure code must begin during requirement definition and continue throughout design and development, as well as during testing and deployment. If you wait until testing you are almost guaranteed to find insecurities, and all too often, you will not find all of them or even miss the most critical flaws."

You'll find some good info in the book, "Fuzzing for Software Security Testing and Quality Assurance." Here's that book's chapter on testing software for quality.

You can glean some good advice from this oldie-but-goody article by Ramesh Nagappan, CISSP, on Java application features and measures.

Rick Hower offers lists of security testing tools on the Software QA/Test Resource Center site, too.

If you find other resources, please let me know. I'd be interested in adding them to my list.
Last Wiki Answer Submitted:  Dec 17, 2008  9:36 PM (GMT)  by  JStafford   45 pts.