When you think about PHP, it is often associated with small applications made by passionate developers for their personal use — generally websites with low database usage and/or few visitors. Well, how wrong we are! PHP is used for a wide range of applications that generate a lot of traffic, for example in public administrations or big companies. These entities require that their applications maintain high scalability and availability and, of course, no drop in performance. It’s no wonder that performance and speed are very popular quality goals when it comes to PHP.
Last month, I had the opportunity to discuss the expanding threat to mobile IT security with CAST’s audience. The feedback we got was so overwhelming that I wanted to answer the questions we might have missed here on the blog. Lev already answered some of your questions in a previous post, so in my follow-up post I’ll focus on the risks that often go ignored throughout the software development process.
Good news, Highlight fans! We’re taking our SaaS software analysis and measurement platform to the next level with our most recent release, Highlight 1.7. This release focuses on automation and on improving the quality of web-based applications. You can read more about it in our most recent press release. The two major features of this upgrade are: PHP analyzer: We added a PHP code quality analyzer that enables you to include web applications or components in your portfolio analysis. Highlight now checks the code quality of client-facing web applications such as custom-built shopping carts, communication sites, or web portals designed to increase worker productivity. Automation toolkit: You can …
When every product has the same features, the only way to stand out in the jungle that is today’s software ecosystem is by having the one that performs best. Of course, in this article, by product we mean an application and its code. For .Net applications, this is truer than ever. Here are ten tips that can greatly improve the performance of your .Net application.
False positives are unavoidable and appear in every software application measurement system, to a greater or lesser degree. There are several causes of this situation. First, the more information we search for, the higher the risk of false positives. Second, the more complex the information is to search for, the higher the risk of errors. And third, the less sophisticated the technique used to scan the code, the higher the risk of bad results. In this last case, the techniques commonly used range from a simple grep search to syntax-based parsing, semantic resolution, and dataflow analysis. However, the situation can be seen from two opposite points of view: a negative …
Many software solutions feature the detection of duplicated source code. Indeed, this is one cornerstone of software analysis and measurement. It is easy to understand the value of dealing with duplicated code: avoiding the propagation of bugs and changes into every copy of the faulty piece of code, promoting reuse, and avoiding an unnecessarily large code base (especially when maintenance outsourcing is billed by the line of code). Now that everyone is convinced of the importance of such capabilities, let’s dive deeper into how to do it. There are various solutions, and not all are equal. Can the difference be explained without looking at an algorithm or cryptic formulas? Let’s …
We held a webcast last week with Mark Wireman of OpenSky, who is an expert in application security and has worked in this space for 15 years. We appreciate Mark taking the time to share his experience securing applications in the enterprise and responding to the onslaught of mobile-based entry points in the application development process. During the course of the hour, we received a number of interesting questions and comments and thought they would make great topics for a few blog posts. Stay tuned for a follow-up post from Mark, which will include answers to several questions on AppSec in agile development. Defensive vs. Offensive: There was a question …