OWASP Top 10 – Cross-Site Scripting (XSS)
We want your feedback for SecureCI!
In my introductory article, I discussed explaining each vulnerability in the OWASP Top 10 for you. The first on the list is Cross-Site Scripting (XSS). Websites today are very advanced and they contain lots of dynamic content. Dynamic content is information on a website that is generated on the fly. Dynamic content is usually seen on forums, […]
Do you have ideas for the next version of SecureCI? Is some tool or feature missing that would make the product better? Something we could have done differently that would make it more useful? We’ve set up a forum at uservoice to make it easy for you to give us feedback. Whether it is a suggestion, new […]
SecureCI is an open-source continuous integration solution. We’ve assembled a number of open-source tools that we use, installed them in a VMware image and configured them to work together. SecureCI is packaged as a virtual machine that can be run with the VMware Player; that way you can be up and running in minutes without […]
Cost effective security testing: test early, test often
Daily stand up meetings, or huddles as Scrum calls them, are a core Agile practice that promotes communication and project visibility. They are an invaluable tool for identifying but not solving problems. So what do you do when a part of your team is in another city or continent? You iHuddle. Er, ah, what is […]
Why I write tests first
I was recently reminiscing with a friend regarding some of the hairier projects we had worked on together. One in particular stood out. It was for a financial services company. While the project itself had no specific security requirements, the company decided toward the end of the project that it needed to have security […]
Hierarchy for Ant build properties
I was recently having a discussion with some coworkers about test-driven development. There was some discussion about the relative value and cost, and not surprisingly some dramatically different opinions on the subject. It got me thinking about my own habits. I like test-driven development, but I’m not a purist. I almost always write my code with testing […]
Test Automation beyond Unit Test
When I first start a new Java project, one of the first things I set up is a skeleton Ant build.xml file. I try to set it up so that a new developer on the project should be able to checkout and compile with no configuration. At least that’s the goal. That means setting up some reasonable […]
The Agile Test Strategy Document…it does exist!
I have worked on teams that were successful just creating a continuous integration server that ran unit tests. Unit testing is the cornerstone of testing in software development. If your units function correctly there is a higher probability that the application as a whole functions correctly. If you can write unit tests that cover […]
It is a common misperception that agile methodologies view planning and documentation as dated, time-wasting practices that should be avoided. While it is true that the agile manifesto asks us to value response to change over adherence to (static) plans, and working code over comprehensive documentation, it does not ask us to push planning and […]