Secure Development

We'll walk you through the critical step of integrating security into the software development lifecycle (SDLC). You'll hear from the experts on everything from working with developers, to the best ways to assess code for security and the latest development trends and technologies.

Practical tips for implementing grammar-based test case generation

By Asankhaya Sharma September 12, 2015

In this article, we will examine some practical tips to keep in mind while implementing grammar-based test case generation. These guidelines are based on the experience of implementing Gramtest - a Java tool that allows you to generate test cases based on arbitrary user defined grammars. Let's jump right in on how we implemented Gramtest. #Implementation The key aspect of the grammar-based...

Distributed Synchronization with Spring JPA

By Chris Hut August 9, 2015

Web sites and other distributed, multi-user systems present unique challenges for concurrent access to shared state. In this post we'll take a look at a simple strategy (with one big gotcha) for achieving distributed resource synchronization in the Spring JPA environment. Case Study: Volunteer Signup Let us imagine we have built a web portal that enables organizers to create jobs for which...

How DevOps and an Agile Methodology Can Alter Security Integration

By Shawn Drew August 9, 2015  | Secure Development

Security controls and tests have never been the easiest things to incorporate in the software development lifecycle (SDLC) — but as application security grows in importance, some changes in the way software gets made are making security integration more difficult than ever. The Agile methodology, especially when combined with a DevOps paradigm, embraces speed, making it much harder to get...

Play in the sandbox

By Pete Chestna July 29, 2015  | Secure Development

This next post picks up where we left off in our previous discussion around automation within developers’ toolchains. Once developers have a methodology to perform security assessments and fix identified vulnerabilities within an integrated environment, the next question is how to assess new code against specific security and compliance policies. The sandbox is the way for individual...

How a DevOps Team Can Transform Your Company

By Evan Wade July 28, 2015  | Secure Development

At a conceptual level, you can compare most moderately complex businesses to the inner workings of a mechanical clock. They both require several parts moving in sync to function (think accountants, sales reps and marketing). Apply that analogy to the software development industry, and you have something resembling a cuckoo clock. Forgetting the countless integral external roles, core...

Why Tony Hawk wears a helmet and why developers should too

By Mark Curphey July 27, 2015

Many of the world's best developers work on solving the hardest problems that often also address multi-billion dollar markets. High risk, high stakes and high reward. These developers are to the software industry what Tony Hawk is to the skateboarding community. Tony Hawk wears a helmet because he does difficult stuff. And for those who aspire to be a star like him, it’s the norm to also wear a...

In Software Development, Speed and Security Don't Have to Be Mutually Exclusive

By John Montesi July 23, 2015  | Secure Development

Mention security and testing to a group of young developers, and you'll likely hear a lot of groans. It's not that the current generation of Agile-minded code hotshots is careless; rather, it's that the culture at most companies is one of speed and achievement. It's easier to celebrate milestones than it is to celebrate a lack of something, even if that something is a lack of hacks. And often,...

A Broad Look at DevOps: Why It Came to Be and How It's Changing the Development World

By Evan Wade July 22, 2015  | Secure Development

If you've been working in development long at all, you've probably heard the term "DevOps" kicked around quite a bit — and if you work in a non-technical capacity, you probably ask yourself what the heck it is every time you see the word. The problem with answering this question is the term means different things depending on who you ask. Like most industry buzzwords, the...

In DevOps Culture, Communication and Collaboration Are Key

By Evan Wade July 21, 2015  | Secure Development

There's a reason DevOps culture values effective communication and collaboration so highly. In an industry where distributed offices full of crucial roles are the norm — and one where even departments within the same buildings tend to distrust one another — any improvement in the way people interact is bound to have some positive results, especially when so many moving parts need...

How DevOps, Rapid Deployment and Security All Fit Together

By Evan Wade July 20, 2015  | Secure Development

As the heir apparent to Agile, DevOps brings a lot of the methodology's traits to the table — including some of its flaws. Or, more accurately, its supposed flaws: As CA Veracode has shown, the security concerns associated with Agile are avoidable, and it's the same way with DevOps. In the context of rapid deployment, i.e., the main tentpole of DevOps philosophy, that can mean a few...
