Improving your Web application development process is one of the best ways to avoid security vulnerabilities and nasty surprises during security assessments. Learn about the points in the software development life cycle where additional security awareness and training is needed to ensure that your organization remains successful and secure.

After a security assessment has been performed as part of the web application development lifecycle, it is important to understand how to address and fix any application vulnerabilities that are uncovered. Learn more about the steps that should be taken during the remediation process, from categorization to testing and validation, and find out why collaboration among developers is critical for success.

It is important for a business to understand the fundamentals of running a vulnerability assessment in order to determine how one will be run and what can be expected from the results. A web application security scanner can automate the process, but a quality assessment may still require actual human eyes to catch specific issues. Learn more about the whys and hows of vulnerability assessments.

Lately, many people have been asking what is more important: using vulnerability analysis tools to assess web-based applications or instead focusing on penetrating testing. The fact is that both are important and that a combination approach can prove to be more valuable. Learn more about how the web application security industry has evolved and what needs to be done to ensure the security of applications.

While many developers are aware of the threats posed by malicious code, and by SQL injection attacks in particular, there are other forms of code injection that are equally dangerous. Learn more about XPath injection, LDAP injection, and command execution injection and view examples of each type of attack. In addition, learn why many preventative actions that are commonly suggested to developers are not helpful, and discover how the creation of whitelists and blacklists can help to protect an application from malicious code injection attacks.

This article has been written by Bryan Sullivan, who is a development manager at SPI Dynamics, a Web application security products company. 

Ajax programming, which allows a web page to refresh a small portion of its data from a web server, is an exciting technology that has recently been introduced. However, this type of programming can also leave applications open to SQL injection and similar attacks. It is important for the developer to test the application thoroughly for vulnerabilities before passing it on to the QA department. And the QA engineer needs to learn to "think like a hacker." Learn more about securing your website's Ajax programming.

This article has been written by Bryan Sullivan, who is a development manager at SPI Dynamics, a Web application security products company. 

   Unless you are certain that you have taken the right steps to counter SQL Injection attacks, you may be more vulnerable than you think.

    This article has been written by Bryan Sullivan, who is a development manager at SPI Dynamics, a Web application security products company. 

An important issue facing companies today is Sarbanes-Oxley compliance, but, as the U.S. Sarbanes-Oxley Act of 2002 (SOX) is relatively new, the implementation of the regulation has not been fully established. The requirements of SOX compliance focus on establishing a system of checks and balances for corporate financial reporting and are designed to hold executives, accountants, and auditors of public corporations to higher standards.

Security risk assessment and security risk management have become vital tasks for security officers and IT managers. This article looks at some of the issues.

Your Web applications can be the most important and most vulnerable entry point into your organization, and, as such, ensuring adequate hacker protection in your Web applications can be critical. A Web application not only includes the code that creates your Web site, but also the architectural components necessary to make a Web site available and useful to the public – both of which can make a Web site vulnerable to attacks like SQL injection or cross site scripting (XSS). When considering hacker protection for your Web applications, you must account for all the components that work together to create a Web site, not just the visible face presented to the world at large.