Better Software - December 2008 - (Page 21)

Special Advertising Section

Automated application security testing software will spider the entire application by clicking every button and link, filling out data fields to identify the structure of the program, and then auditing each page for vulnerabilities. It should do this from the outside in, reviewing each portion of the site the way an external attacker would. This comprehensive approach is valuable for ensuring that all security holes have been identified and can be fixed. On the down side, it can also produce false positives, and it may not be able to reach all of your web pages because of the way certain pages are coded.

Manual testing allows a user to focus on specific pathways or tasks on a website while the software follows silently behind, recording the process. The program can then audit the particular path the user has taken for security vulnerabilities and provide a report. Manually crawling an application can be time consuming, but it also ensures that specific pages are tracked and analyzed.

Choosing the right products

The following basic questions should be addressed when you are looking for a web application security testing product:

• How easy is the product to use?
• What kind of training will your QA department require in order to use the product properly?
• How well does the product integrate into the tools and software already used by your organization?
• How often is the product updated with new security checks—daily, weekly, monthly?
• What is the false positive rate of the product? While no product is perfect, you want to find one with as low a rate as possible so that your resources are not wasted working through false positives.
• How well does the product integrate with leading quality management platforms?
• Does the product appear to evaluate each page of your application, or does it get stuck on certain pages?
• Does the product allow the end user to modify scan settings easily?
• What kinds of restrictions are in the product's license?
• In which formats are reports offered (PDF, HTML, XML)? Are they easy to read? Do they contain information on the location of the vulnerability, how to reproduce it, how to verify it and how to fix it?
• Will the company allow you to evaluate the product before committing to purchase it? Confident vendors will often provide a seven- to 15-day evaluation period.

HP Software makes it easy

Leading the charge in application quality and security, HP Software has recently completed the acquisition of SPI Dynamics, the leader in web application security testing. SPI Dynamics technology, which is already integrated with HP Quality Center software, enables organizations to assess security vulnerabilities along the entire lifecycle of web applications—including development, QA and operations. Customers can also use SPI Dynamics software to validate application security and quality to meet auditing and compliance requirements, such as SOX.

To find out more about HP Software's integrated solutions for Application Quality and Security, please visit www.hp.com/go/software

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.