Secure by Design: Taking the next steps in application security
For those of us involved with software and systems development, but who happen not to be experts in testing (there are a few of us out here) or application security (ditto), some of the terminology used for code analysis can sound down
By contrast, “white box testing” doesn’t require you to execute the code (well, you could, but let’s keep this simple). Your goal is to test the internal structure of the code. In terms of household electricity, it’s analogous to the continuity test: with the power off, you can determine whether or not a particular light switch is working properly according to its internal design. If not, you’re out a buck fifty to replace the switch; no big deal.
In software development, however, the stakes are considerably higher. Whole businesses and reputations can be seri
Enter “glass box testing” -- another one of those phrases that can conjure up fairytale imagery. Snow White, anyone? In fact, glass box testing is an important mode of analysis that helps teams understand the structural integrity of their code, while combining elements of black box testing.
With this latest release of Rational AppScan Standard Edition v8.5, software and systems development teams get new glass box testing capability with run-time analysis -- which is a form of inte
Today’s highest application vuln
This is where the new release of IBM Rational AppScan can make a difference, by promoting collaboration among the stakeholders and integration into existing development processes.
Please take a moment to read a little more about this important security testing announcement from the IBM Rational software team.