Security News


XML and Web Services: Are We Secure Yet?

From confidentiality, integrity, and availability to authentication, authorization, and audit, find out how you can employ best practices to make Web services secure.

Review: Groove Virtual Office 3.0

The new version of Groove is more tightly integrated with Windows than ever before. It deserves a spot in any far-flung enterprise or extranet collaboration picture.

iPods and like devices pose enterprise security threat, says Gartner

Anyone who needs another example of just how radically network security issues have shifted over the past few years need look no further than last week's recommendation from IT industry analysts at Gartner that corporations consider banning Apple Computer's wildly popular portable music player, the iPod, from the workplace.

Where management and security collide

Web services security is being built into everything from major Web app development platforms to integration and other software.

Q&A: A look at static binary analysis and better app security

ADT's Programmers Report occasionally looks at security issues from the point of view of source code analysis and better coding practices. We recently met with Chris Wysopal, vice president of R&D for @stake Inc., and thought he had a different take on this issue. What follows are excerpts from an e-mail interview.

The Security Cycle

A recent security vulnerability suggests that maybe the once-a-month Microsoft patch cycle wasn't such a good idea after all.

Briefing: Fortify Software

Fortify Software offers a high-end static analysis tool set dedicated to checking security issues.

All That JAAS

JAAS is based on the Pluggable Authentication Modules model and provides authentication and authorization services. Check out its many security benefits for Java applications.

At TechEd: Longhorn can wait: Security patch for XP is priority

Microsoft is urging developers working on or maintaining applications running on Windows XP to get up to speed on Service Pack 2 (SP2), currently a Release Candidate 1 (RC1).

WS-I Security Spec set for public comment

The Web Services Interoperability (WS-I) Organization has released the working-group draft of its Basic Security Profile for public comment.

The danger of the magpie developer

There are lots of ways to think about good software. Is the balance seriously off in recent years?

Security steps for developers

Don't leave application security for tomorrow.

Gartner says budget for Sasser, other worms raising costs

Malicious exploitations of Windows vulnerabilities have become such a common occurrence that Gartner is advising its Windows-using customers to plan for them in their budgets.

Authors provide black-hat insights into security

Since 1996, security guru Dr. Gary McGraw has been admonishing software developers to consider threats and vulnerabilities early in the development cycle. For attackers, it's all about getting to exploitable code, McGraw believes, which ultimately puts the security onus on programmers.

Review: CAS/Tester

CAS/Tester is an innovative product for the .NET developer that shows how your code will react under a variety of security limitations.

HP extends 'Adaptive Enterprise' with TruLogica buy

Hewlett-Packard (HP) Co. last week signed a definitive agreement to buy TruLogica, a Dallas-based provider of identity management software. HP plans to integrate the privately owned company's ID management technology into its OpenView Select Access software to form "a complete federated identity management offering."

The shifting sands of Windows

Windows XP Service Pack 2 is coming. Are you ready to rewrite your applications...again?

Sanctum and Mercury integrate security, QA tools

Web application security software vendor Sanctum Inc., Santa Clara, Calif., has announced a partnership with Sunnyvale, Calif.-based Mercury Interactive Corp. to integrate security testing tools into the QA environment.

Of Money, Information, and Bugs

Microsoft is offering a bounty for writers of malicious code. Maybe they should take some of that money and spend it internally.

IBM reaches security 'checkpoint'; champions SOA

Announcement of new support for Web services security across IBM's WebSphere infrastructure and Tivoli identity management middleware.