Browse by Tags - HP Application Security Center Community
Browse by Tags


» Hybrid Analysis - The Answer to Static Code Analysis Shortcomings

Given my previous article and the buzz it generated (both for and against the ideas I set forth)... I needed to hurry up and write the follow-on article for "Static Code Analysis Failures". I've had so many conversations...
Posted to Following the White Rabbit (Weblog) by Rafal Los on 05-15-2008

» Static Code Analysis Failures

Static code analysis failures are costing enterprises money and reputation. White-box security testing is inherently a flawed proposition for many reasons - but it all comes down to a very simple concept: Machines do not execute source code, they execute machine code (compiled code). --Paul Anderson ...
Posted to Following the White Rabbit (Weblog) by Rafal Los on 05-06-2008

» Navigating the PCI DSS Standards...

For those of you who keep up with the PCI DSS standard, the council today has issued an update titled: Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified. The standard item 6.6 has been further clarified in one of two options, as before, being either Application...
Posted to Following the White Rabbit (Weblog) by Rafal Los on 04-22-2008

» "Security Vulnerability" != "Defect" ; why?

It's one of those obvious things. A defect is a defect, right? Whether the airbag is faulty, or the gas cap doesn't hold pressure... a defect is a defect. The strange thing is - it hasn't been that way, and still isn't that way, in most of the IT shops I've been in. Why? The reason...
Posted to Following the White Rabbit (Weblog) by Rafal Los on 04-01-2008

» Re: Ajax Testing Question

EW, One of our engineers, Bryan Sullivan, recently wrote an article about teaching your QA department about how to test Ajax applications properly for security defects. It's a good read: http://www.devcity.net/Articles/273/1/article.aspx Enjoy! Billy Hoffman -- Lead Researcher, SPI Labs SPI Dynamics...
Posted to What's on your mind? (Forum) by Billy on 11-13-2006

» Ajax Testing Question

I have read and heard a lot of information about the new dangers related to Ajax enabled sites. I am really interested in methods being used by the "pros" to test Ajax heavy sites. Request modifications must happen the same way as traditional web app testing occurs. Catch the request in a proxy...
Posted to What's on your mind? (Forum) by edw on 10-18-2006