Improve security by integrating development and static and dynamic testing
Independent expert M. Tim Jones takes you on a tour of testing your applications for security during the development and verification phases. He focuses on two kinds of review: code that you can touch, test, and inspect manually, and code that lends itself to automated review and inspection while it is executing. In other words, static and dynamic analysis, plus a further type of dynamic testing that goes by several names: vulnerability scanning, network reconnaissance, and penetration testing. In the accompanying image, Jones outlines the different approaches and tools, as a function of the phase in the software life cycle, that you can use to secure applications:
In this excellent and quick read, Jones then outlines open source and proprietary tools you can use to take some of the sting out of setting up and testing applications during development.