OWASP Top 10 – Cross-Site Scripting (XSS)

In my introductory article, I discussed explaining each vulnerability in the OWASP Top 10 for you. The first on the list is Cross-Site Scripting (XSS). Websites today are very advanced and they contain lots of dynamic content. Dynamic content is information on a website that is generated on the fly. Dynamic content is usually seen on forums, […]

We want your feedback for SecureCI!

Do you have ideas for the next version of SecureCI? Is some tool or feature missing that would make the product better? Something we could have done differently that would make it more useful? We’ve set up a forum at uservoice to make it easy for you to give us feedback. Whether it is a suggestion, new […]

Introducing SecureCI

SecureCI is an open-source continuous integration solution. We’ve assembled a number of open-source tools that we use, installed them in a VMware image and configured them to work together. SecureCI is packaged as a virtual machine that can be run with the VMware Player; that way you can be up and running in minutes without […]

iHuddle

Daily stand-up meetings, or huddles as Scrum calls them, are a core Agile practice that promotes communication and project visibility. They are an invaluable tool for identifying but not solving problems. So what do you do when a part of your team is in another city or continent? You iHuddle. Er, ah, what is […]

Why I write tests first

I was recently having a discussion with some coworkers about test-driven development. There was some discussion about the relative value and cost, and not surprisingly some dramatically different opinions on the subject. It got me thinking about my own habits. I like test-driven development, but I’m not a purist. I almost always write my code with testing […]

Hierarchy for Ant build properties

When I first start a new Java project, one of the first things I set up is a skeleton Ant build.xml file. I try to set it up so that a new developer on the project should be able to check out and compile with no configuration. At least that’s the goal. That means setting up some reasonable […]

Test Automation beyond Unit Test

I have worked on teams that were successful just creating a continuous integration server that ran unit tests. Unit testing is the cornerstone of testing in software development. If your units function correctly, there is a higher probability that the application as a whole functions correctly. If you can write unit tests that cover […]

The Agile Test Strategy Document…it does exist!

It is a common misperception that agile methodologies view planning and documentation as dated, time-wasting practices that should be avoided. While it is true that the agile manifesto asks us to value response to change over adherence to (static) plans, and working code over comprehensive documentation, it does not ask us to push planning and […]
