QA City

Join Hands to Build a Smarter India: Sign in | Join now
Most Popular

Veracode's eLearning Program Guides Developers in Creating Secure Apps

By SiliconIndia   |   Wednesday, 26 December 2012, 02:56 Hrs
Print Email


Bangalore: Veracode, the leader in cloud-based application security testing, encourages application developers to take a more proactive role in securing applications as part of a larger call to action to protect companies from vulnerabilities. Each year, companies spend billions of dollars on outsourcing software development, yet very little is spent on security verification, resulting in security breaches caused by software vulnerabilities.

Veracode also aims to limit the amount of security checks companies have to make when purchasing third-party applications by offering to developers a web-based eLearning training program. The online courses provide developers with certification and CPE credits and teach developers secure coding for ASP.NET, J2EE and C/C++. eLearning also aims to help developers measure and track their development progress and comply with ISO regulations and industry standards such as SANS Application Security Procurement Contract Language.

“The simple fact is that if someone wants your intellectual property, they are going to use the software you bought, built or outsourced to get it,” said Chris Eng, vice president of research, Veracode. “We developed these eLearning courses to provide developers with the guidelines and best practices that they should take to ensure the security of their customers.”

Veracode suggests that by following its eLearning development suggestions, developers will be able to:
1.    Protect companies from vulnerabilities. With the vast amount of threats that constantly pressure companies and government, it is important to ensure that the software applications these organizations utilize are completely secure. To certify applications are free of vulnerabilities, several processes must be employed within the Secure Development Lifecycle (SDLC), including testing the application’s security controls at each stage of development. Such tests include static analysis, dynamic analysis or penetration testing.

2.    Preserve data, IP and brand reputation. Some of the most critical application security flaws, including Cross Site Scripting (XSS) and broken authentication, allow for easy exploitation where attackers can completely take over the software, steal data, or prevent the software from working at all. In order to prevent these flaws, security practices must be integrated within the SDLC, and security of internally developed applications must be verified before they are deployed. Additionally, staying on top of patches and software updates can help bring attention to previously undiscovered flaws.

3.    Perform business as usual. During the SDLC, developers must model an application, scan the code, check the quality and ensure that it meets regulations, on top of building a unique and useful application. Automated secure development testing tools help developers adhere to these development steps, while finding and fixing security issues at the same time. Veracode offers these services as well as secure development training so that developers can gain further education and insight into security issues they may have created.

Veracode wants all developers to keep these guidelines in mind when creating applications, as they allow them to detect flaws, test the security features of the applications, and ensure the customer’s data is protected above all else.


Sign Up for QA Digest and Read the Day's Highlights
Don't Miss
Experts on QA
Sasank Taraka Kumar
QA Lead
RAM Informatics Ltd
Ramesh  Letchumanan
Testing Engnr
R and D Tech
Shridhar  Vaidya
QA Engineer
Cybage Software
Nishu  Miglani
CEO
Quest consultants
Meena  Mohan
Sr. Software Eng.
Huawei Technologies
Manish  Potdar
Associate Director
Cognizant
Uma  Maheswari Balasubramani
Sr Software Engineer
IBM
Mukesh  Jarial
Software Engineer
Interglobe
Write your comment now
 
Whitepapers
This report is the result of the largest public-private sector rese...
For those not familiar with the Coverity Scan™ service, i...
SiliconIndia About Us   |   Contact Us   |   Help   |   Community rules   |   Advertise with us   |   Sitemap   |  
News:       Technology   |   Enterprise   |   Gadgets   |   Startups   |   Finance   |   Business   |   Career   |   Magazine  |   Newsletter   |   News archive  
Cities:        CEO   |     Startup   |   Mobile   |   CIO   |   Women   |   BI   |   HR   |   SME   |   Cloud   |   Marketing   |   QA   |   Java   |   Web Developer  
Community:      Members   |   Blogs   |   Indian Entrepreneurs   |   Gyan   |   Advice   |   Community   |   Find   |   Events   |   CXO Insights  
Job Board:      Jobs   |   Freshers   |   Companies   |   HR Speak   |   Forum  
Online Courses:   Web Developer   |   Java Developer   |   CCNA Training   |   SEO   |   SAS   |   SQL Server 2005   |   J2EE
Education:   MBA   |   MCA   |   Engineering   |   Training Institute
Life:          Real Estate   |   Travel   |   Finance   |   Gadgets   |   Movie Reviews   |    Jokes  
Send your feedback and help us continue to improve SiliconIndia
© 2014 InfoConnect Web Technologies India Pvt Ltd. all rights reserved