OWASP Top 10 – SQL Injection

Since my last article on XSS, the OWASP organization has released a new Top 10 for 2010 and has placed injection attacks in the number 1 spot. Now that XSS and SQL injection flaws have flipped spots, I will continue the article series using the new Top 10 list. You can find the new OWASP Top 10 […]

OWASP Top 10 – Cross-Site Scripting (XSS)

In my introductory article, I discussed explaining each vulnerability in the OWASP Top 10 for you. The first on the list is Cross-Site Scripting (XSS). Websites today are very advanced and they contain lots of dynamic content. Dynamic content is information on a website that is generated on the fly. Dynamic content is usually seen on forums, […]

Introducing SecureCI

SecureCI is an open-source continuous integration solution. We’ve assembled a number of open-source tools that we use, installed them in a VMware image and configured them to work together. SecureCI is packaged as a virtual machine that can be run with the VMware Player, so you can be up and running in minutes without […]

iHuddle

Daily stand up meetings, or huddles as Scrum calls them, are a core Agile practice that promotes communication and project visibility. They are an invaluable tool for identifying but not solving problems. So what do you do when a part of your team is in another city or continent? You iHuddle. Er, ah, what is […]

Cost effective security testing: test early, test often

I was recently reminiscing with a friend regarding some of the hairier projects we had worked on together. One in particular stood out. It was for a financial services company. While the project itself had no specific security requirements, the company decided toward the end of the project that it needed to have security […]

Why I write tests first

I was recently having a discussion with some coworkers about test-driven development. There was some discussion about the relative value and cost, and not surprisingly some dramatically different opinions on the subject. It got me thinking about my own habits. I like test-driven development, but I’m not a purist. I almost always write my code with testing […]

Hierarchy for Ant build properties

When I first start a new Java project, one of the first things I set up is a skeleton Ant build.xml file. I try to set it up so that a new developer on the project should be able to check out and compile with no configuration. At least that’s the goal. That means setting up some […]

Test Automation beyond Unit Test

I have worked on teams that were successful just creating a continuous integration server that ran unit tests. Unit testing is the cornerstone of testing in software development. If your units function correctly, there is a higher probability that the application as a whole functions correctly. If you can write unit tests that cover […]

The Agile Test Strategy Document…it does exist!

It is a common misperception that agile methodologies view planning and documentation as dated, time-wasting practices that should be avoided. While it is true that the agile manifesto asks us to value response to change over adherence to (static) plans, and working code over comprehensive documentation, it does not ask us to push planning and […]
