YOUR FEEDBACK
Immo Huneke wrote: A well written article, an ingenious solution to a real problem often encountere...
Jan. 6, 2009 08:14 AM
Cloud Computing Conference
March 30 - April 1, New York
Register Today and SAVE !..
Did you read today's front page stories & breaking news?
SYS-CON.TV: JBoss's Seam: Eliminate Complexity and Build Next-Generation Web 2.0 Applications

2008 East
DIAMOND SPONSOR:
Data Direct
Frontiers in Data Access: The Coming Wave in Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
Intel
Virtualization – Path to Predictive Enterprise
Green Hills
IT Security in a Hostile World
JBoss / freedom oss
Practical SOA Approach
GOLD SPONSORS:
Software AG
The Art & Science of SOA: How Governance Enables Adoption
PlateSpin
Effective Planning for Virtual Infrastructure Growth
Fujitsu
Automated Business Process Discovery & Virtualization Service
Ceedo
Workspace Virtualization
Click For 2007 West
Event Webcasts

2008 East
PLATINUM SPONSORS:
Appcelerator
Think Fast: Accelerate AJAX Development with Appcelerator
GOLD SPONSORS:
DreamFace Interactive
The Ultimate Framework for Creating Personalized Web 2.0 Mashups
ICEsoft
AJAX and Social Computing for the Enterprise
Kaazing
Enterprise Comet: Real–Time, Real–Time, or Real–Time Web 2.0?
Nexaweb
Now Playing: Desktop Apps in the Browser!
Sun
jMaki as an AJAX Mashup Framework
POWER PANELS:
The Business Value
of RIAs
What Lies Beyond AJAX?
KEYNOTES:
Douglas Crockford
Can We Fix the Web?
Anthony Franco
2008: The Year of the RIA
Click For 2007 Event Webcasts

SYS-CON.TV
SYS-CON.TV WEBCASTS
JACKBE The Big A(architecture in AJAX)
INSTANTIATIONS Eclipse Rich Internet Platform with Taylor and Milinkovich
YAHOO! Applying AJAX to Speed User's Journey
ENERJY WEBCAST Java Code Quality Management
APP SERVER SHOOT-OUT with Microsoft, IBM, JBoss, Sun, BEA, and Oracle
TOP THREE LINKS YOU MUST CLICK ON


Applications
Building Security into Software with Security Policies & Static Analysis
Security, like quality, must be built into the application - not achieved through bug-finding

By: Dr. Adam Kolawa
Feb. 19, 2008 04:15 PM

The common approach to securing applications is to try to identify and remove all of the application's security vulnerabilities at the end of the development process. However, this bug-finding approach is not only resource-intensive, it's largely ineffective. To have any chance of exposing all of the security vulnerabilities that may be nested throughout the application, the team would have to identify every single path through the application then rigorously test each and every one. And any error found would be difficult to fix, considering that the effort, cost, and time required to fix each one increases exponentially as the development process progresses. Most importantly, the bug-finding approach to security fails to address the root cause of the problem - the fact that security, like quality, must be built into the application.

Building security into an application involves designing and implementing the application according to a policy for reducing the risk of security attacks then verifying that the policy is implemented and operating correctly.

Published Feb. 19, 2008— Reads 7,452
Copyright © 2009 SYS-CON Media. All Rights Reserved.
Related Stories
▪ SOA Best Practices - Four Steps to Securing Your Web Services
▪ OSS: A Tactical Plan for Building Applications
▪ SOA World - Exclusive Q&A with Dr Adam Kolawa, Co-founder & CEO of Parasoft
About Dr. Adam Kolawa
Adam Kolawa is the co-founder and CEO of Parasoft, leading provider of solutions and services that deliver quality as a continuous process throughout the SDLC. In 1983, he came to the United States from Poland to pursue his PhD. In 1987, he and a group of fellow graduate students founded Parasoft to create value-added products that could significantly improve the software development process. Adam's years of experience with various software development processes has resulted in his unique insight into the high-tech industry and the uncanny ability to successfully identify technology trends. As a result, he has orchestrated the development of numerous successful commercial software products to meet growing industry needs to improve software quality - often before the trends have been widely accepted. Adam has been granted 10 patents for the technologies behind these innovative products. Kolawa, co-author of Bulletproofing Web Applications (Hungry Minds 2001), has contributed to and written over 100 commentary pieces and technical articles for publications including The Wall Street Journal, Java Developer's Journal, SOA World Magazine, AJAXWorld Magazine; he has also authored numerous scientific papers on physics and parallel processing. His recent media engagements include CNN, CNBC, BBC, and NPR. Additionally he has presented on software quality, trends and development issues at various industry conferences. Kolawa holds a Ph.D. in theoretical physics from the California Institute of Technology. In 2001, Kolawa was awarded the Los Angeles Ernst & Young's Entrepreneur of the Year Award in the software category.

BEA WEBLOGIC LATEST STORIES
By Salvatore Genovese
Okay, here's the deal. When you observe the big software guys and see how quickly they adopt emerging technologies, which will change IT the way we know it today, here is what we see. Larry Ellison invested millions in old SaaS / cloud companies, which gave him zippo in return, and he ...
By Cloud Computing News Desk
SYS-CON Events announced today that more than 40 Cloud technology providers, as well as Virtualization and SOA companies will exhibit at the upcoming 1st International Cloud Computing Conference & Expo (www.CloudComputingExpo.com), November 19-21, in San Jose, California. The conferenc...
SYS-CON Events announced today that the leading global SOA, Virtualization, Cloud Computing and Open Source technology provider FreedomOSS named "Gold Sponsor" of SYS-CON's SOA World Conference & Expo which will take place November 19-21, 2008, at the Fairmont Hotel in the heart of Sil...
By Maureen O'Gara
Cassatt, the company started by BEA founder Bill Coleman, is redirecting its data center widgetry into creating internal clouds comparable to Amazon or Google out of infrastructure customers already have in-house. Coleman observed that most IT professionals aren’t comfortable outsour...
By Cloud Computing News Desk
Just as people begin to understand the difference between web ops and IT, we are entering a period where clouds promise "Ops-Free" computing. Because it’s easy, scalable, available and disposable, the cloud is well on its way to becoming “technology’s next big thing.” However, ...
By Java News Desk
Gartner Magic Quadrants position vendors within a particular market segment based on their completeness of vision and their ability to execute on that vision. According to Gartner, vendors in the Leaders quadrant "have a full range of capabilities to support a range of portal deploymen...
SUBSCRIBE TO THE WORLD'S MOST POWERFUL NEWSLETTERS
SUBSCRIBE TO OUR RSS FEEDS & GET YOUR SYS-CON NEWS LIVE!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021
Click Here
SYS-CON FEATURED WHITEPAPERS

MOST READ THIS WEEK
By Jeremy Geelan
By WebSphere News Desk
ADS BY GOOGLE
BREAKING NEWS FROM THE WIRES
Intertech (http://www.intertech.com), a leading provider of .NET training and Java training, has ann...
Dec. 22, 2008 05:07 PM