Web Input Boundary and Validation Matrix

The most common web application security weakness is the failure to properly validate input from the client or the environment. This weakness underlies almost all of the major application vulnerabilities: interpreter injection, locale/Unicode attacks, file system attacks and buffer overflows. Data from the client should never be trusted, because the client can tamper with anything it sends.

In many cases, output encoding can defuse attacks that rely on a lack of input validation. For example, applying HTML entity encoding to user input before it is written into an HTML page prevents most cross-site scripting (XSS) attacks in that context; other output contexts, such as JavaScript, CSS or URL parameters, need their own encoding. However, merely preventing attacks is not enough; you must also perform intrusion detection in your applications. Otherwise you allow attackers to probe repeatedly until they find a weakness you have not protected against. Detecting attempts to find these weaknesses is a critical protection mechanism.
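The following is an added example, written for this page and not taken from the original article or from any specific framework, showing the three layers described above at one input boundary: allowlist validation of each field, HTML entity encoding at the point of output, and a simple per-client detector that counts rejected inputs and blocks a client after a threshold. The field names, patterns, threshold and sample requests are assumptions made for the example.

```python
import html
import re
from collections import defaultdict

# Allowlist validators for the input boundary (patterns assumed for this example).
# Anything that does not match the expected shape is rejected outright.
VALIDATORS = {
    "username": re.compile(r"^[A-Za-z0-9_.-]{3,32}$"),
    "email": re.compile(r"^[^@\s]{1,64}@[A-Za-z0-9.-]{1,255}$"),
}


class ValidationError(ValueError):
    """Raised when a field fails allowlist validation or is not expected at all."""


def validate_field(name, value):
    """Allowlist validation: unknown fields and non-matching values are rejected."""
    pattern = VALIDATORS.get(name)
    if pattern is None:
        raise ValidationError(f"unknown field {name!r}")
    if not isinstance(value, str) or not pattern.fullmatch(value):
        raise ValidationError(f"invalid {name}")
    return value


def render_html_body(user_value):
    """Output encoding for the HTML body/attribute context only.

    html.escape is the right encoder here; a value placed inside a <script>
    block or a URL would need JavaScript or URL encoding instead.
    """
    return f"<p>Hello, {html.escape(user_value, quote=True)}</p>"


class IntrusionDetector:
    """Counts rejected inputs per client and blocks a client at the threshold.

    A single malformed request may be a bug in a legitimate client; repeated
    rejections from one source are the probing pattern the text warns about.
    """

    def __init__(self, threshold=3):
        self.threshold = threshold
        self.failures = defaultdict(int)

    def record_failure(self, client_id):
        self.failures[client_id] += 1
        return self.is_blocked(client_id)

    def is_blocked(self, client_id):
        return self.failures[client_id] >= self.threshold


def handle_request(detector, client_id, form):
    """Validate every submitted field before any of it is used.

    Returns ("ok", html), ("rejected", reason) or ("blocked", reason).
    """
    if detector.is_blocked(client_id):
        return ("blocked", "too many invalid requests")
    try:
        clean = {name: validate_field(name, value) for name, value in form.items()}
    except ValidationError as exc:
        blocked_now = detector.record_failure(client_id)
        return ("blocked" if blocked_now else "rejected", str(exc))
    return ("ok", render_html_body(clean.get("username", "")))


if __name__ == "__main__":
    detector = IntrusionDetector(threshold=3)
    # Constructed sample requests from two clients: one well-behaved, one probing.
    requests = [
        ("10.0.0.1", {"username": "alice_01", "email": "alice@example.org"}),
        ("10.0.0.9", {"username": "<script>alert(1)</script>"}),
        ("10.0.0.9", {"username": "' OR 1=1--"}),
        ("10.0.0.9", {"username": "../../etc/passwd"}),
        ("10.0.0.9", {"username": "looks_fine_now"}),
    ]
    for client, form in requests:
        print(client, handle_request(detector, client, form))
```

Even if a validator were too permissive, the encoder turns `<script>alert(1)</script>` into `&lt;script&gt;alert(1)&lt;/script&gt;` on output, so the two controls back each other up; the detector then makes sure the probing client does not get unlimited attempts.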

QA Periodicals

Software Quality Professional

The Software Quality Professional (SQP) is a quarterly, peer-reviewed journal published by the American Society for Quality (ASQ). Its mission is to help software professionals apply quality principles to the development and use of software and software-based systems. SQP publishes case studies, experience-based reports, and state-of-the-art reviews in order to give practitioners an understanding of the software quality practices that have proven effective across a wide range of industries, applications, and organizational settings. To support personal and professional growth, the journal provides a forum for exchanging practical ideas and experiences. SQP constantly strives to improve the professionalism of practitioners, the satisfaction of customers, and the well-being of the larger society. Take a look inside the latest issue of the Software Quality Professional, where you can read article summaries, full-text articles, and resource reviews from the most recent issue. You can also browse past issues, review the author guidelines, or subscribe. The Software Quality Professional is published quarterly in December, March, June, and September.

http://www.asq.org/pub/sqp/

Better Software

Better Software is the magazine for software professionals who care about quality. Each issue brings you relevant, timely information to help you build better software. Continuing to deliver in-depth articles on testing, tools, defect tracking, metrics, and management, it’s the only commercial magazine exclusively dedicated to software professionals. Within the pages of each issue you’ll find heavy hitting articles about solutions to common management problems, coverage on emerging technologies, and more. You’ll benefit from expert analysis and real-world case studies in the areas of Testing & Analysis, Managing People & Teams, and Tools & Techniques.

http://www.stickyminds.com/BetterSoftware/

Software Test & Performance

Software Test & Performance is a monthly magazine focused on testing and software performance issues. ST&P reaches more than 25,000 software development managers, project and team leaders, and test and QA managers.

http://www.stpmag.com/

Methods & Tools

Methods & Tools is a free magazine, available as PDF and text issues, with practical knowledge, information and resources on software development and software engineering: UML, agile methodologies (eXtreme Programming (XP), Scrum, Test-Driven Development, and others), software testing, configuration management, databases, RUP, software project management, programming (Java, .NET, Ruby on Rails, Ajax), software analysis and design, quality assurance, software process improvement (CMMI), software development tools, risk management, etc.

http://www.martinig.ch/mt/