Better Software - June 2008 - (Page 43) Automated application security testing software will spider the entire application by clicking every button and link, filling out data fields to identify the structure of the program, and then auditing each page for vulnerabilities. It should do this from the outside in, reviewing each portion of the site the way an external hacker might. This comprehensive approach is valuable to ensure that all security holes have been identified and can be fixed. On the down side, it can also produce false positives, and it may not be able to access all of your web pages due to the way that certain pages are coded. Manual testing allows a user to focus on specific pathways or tasks on a website while the software follows silently behind, tracking the process. The program can then audit the particular path that the user has taken for security vulnerabilities and provide a report. Manually crawling an application can be time consuming, but it also ensures that specific pages are tracked and analyzed. • How well does the product integrate with leading quality management platforms? • Does the product appear to evaluate each page of your application or does it get stuck on certain pages? • Does the product allow the end user to easily modify scan settings? • What kinds of restrictions are in the product’s license? • In which formats are reports offered (PDF, HTML, XML)? Are they easy to read? Do they contain information on the location of the vulnerability, how to execute it, how to verify it and how to fix it? • Will the company allow you to evaluate the product before committing to purchase it? Confident vendors will often provide a seven- to 15-day evaluation period. Choosing the right products The following basic questions should be addressed when you are looking for a web application security testing product: • How easy is the product to use? • What kind of training will your QA department require in order to properly use the product? • How well does the product integrate into the tools and software that are already used by your organization? • How often is the product updated with new security checks—daily, weekly, monthly? • What is the false positive rate of the product? While no product is perfect, you want to find a product with as a low a rate as possible so that your resources are not wasted going through false positives. HP Software makes it easy Leading the charge in application quality and security, HP Software has recently completed the acquisition of SPI Dynamics, the leader in web application security testing. SPI Dynamics technology, which is already seamlessly integrated with HP Quality Center software, enables organizations to assess security vulnerabilities along the entire lifecycle of web applications—including development, QA and operations. Customers can also use SPI Dynamics software to validate application security and quality to meet auditing and compliance requirements, such as SOX. To find out more about HP Software’s integrated solutions for Application Quality and Security, please visit www.hp.com/go/software © 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Special Advertising Section http://www.hp.com/go/software http://www.hp.com/go/software
Table of Contents Feed for the Digital Edition of Better Software - June 2008 Better Software - June 2008 Contents Mark Your Calendar Contributors Technically Speaking eLightenment Code Craft Test Connection Management Chronicles Agile Model-Driven Development The Myth of Risk Management Stop the Insanity! Product Announcements 10 Things You Might Not Know About … The Last Word Ad Index Better Software - June 2008 Better Software - June 2008 - (Page Intro) Better Software - June 2008 - Better Software - June 2008 (Page Cover1) Better Software - June 2008 - Better Software - June 2008 (Page Cover2) Better Software - June 2008 - Better Software - June 2008 (Page 1) Better Software - June 2008 - Better Software - June 2008 (Page 2) Better Software - June 2008 - Contents (Page 3) Better Software - June 2008 - Mark Your Calendar (Page 4) Better Software - June 2008 - Mark Your Calendar (Page 5) Better Software - June 2008 - Mark Your Calendar (Page 6) Better Software - June 2008 - Mark Your Calendar (Page 7) Better Software - June 2008 - Contributors (Page 8) Better Software - June 2008 - Contributors (Page Telelogic1) Better Software - June 2008 - Contributors (Page Telelogic2) Better Software - June 2008 - Contributors (Page 9) Better Software - June 2008 - Contributors (Page 10) Better Software - June 2008 - Technically Speaking (Page 11) Better Software - June 2008 - eLightenment (Page 12) Better Software - June 2008 - eLightenment (Page 13) Better Software - June 2008 - Code Craft (Page 14) Better Software - June 2008 - Code Craft (Page 15) Better Software - June 2008 - Code Craft (Page 16) Better Software - June 2008 - Code Craft (Page COD1) Better Software - June 2008 - Code Craft (Page COD2) Better Software - June 2008 - Code Craft (Page COD3) Better Software - June 2008 - Code Craft (Page COD4) Better Software - June 2008 - Code Craft (Page 17) Better Software - June 2008 - Test Connection (Page 18) Better Software - June 2008 - Test Connection (Page 19) Better Software - June 2008 - Management Chronicles (Page 20) Better Software - June 2008 - Management Chronicles (Page 21) Better Software - June 2008 - Agile Model-Driven Development (Page 22) Better Software - June 2008 - Agile Model-Driven Development (Page 23) Better Software - June 2008 - Agile Model-Driven Development (Page 24) Better Software - June 2008 - Agile Model-Driven Development (Page 25) Better Software - June 2008 - Agile Model-Driven Development (Page 26) Better Software - June 2008 - Agile Model-Driven Development (Page 27) Better Software - June 2008 - Agile Model-Driven Development (Page 28) Better Software - June 2008 - Agile Model-Driven Development (Page 29) Better Software - June 2008 - The Myth of Risk Management (Page 30) Better Software - June 2008 - The Myth of Risk Management (Page 31) Better Software - June 2008 - The Myth of Risk Management (Page 32) Better Software - June 2008 - The Myth of Risk Management (Page 33) Better Software - June 2008 - The Myth of Risk Management (Page 34) Better Software - June 2008 - The Myth of Risk Management (Page 35) Better Software - June 2008 - Stop the Insanity! (Page 36) Better Software - June 2008 - Stop the Insanity! (Page 37) Better Software - June 2008 - Stop the Insanity! (Page 38) Better Software - June 2008 - Stop the Insanity! (Page 39) Better Software - June 2008 - Stop the Insanity! (Page 40) Better Software - June 2008 - Stop the Insanity! (Page 41) Better Software - June 2008 - Stop the Insanity! (Page 42) Better Software - June 2008 - Stop the Insanity! (Page 43) Better Software - June 2008 - Product Announcements (Page 44) Better Software - June 2008 - Product Announcements (Page 45) Better Software - June 2008 - 10 Things You Might Not Know About … (Page 46) Better Software - June 2008 - The Last Word (Page 47) Better Software - June 2008 - Ad Index (Page 48) Better Software - June 2008 - Ad Index (Page Cover3) Better Software - June 2008 - Ad Index (Page Cover4)
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.