The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software. Researchers in software security can use the Top 25 to focus on a narrow but important subset of all known security weaknesses. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software.

JSLint takes a JavaScript source and scans it. If it finds a problem, it returns a message describing the problem and an approximate location within the source. The problem is not necessarily a syntax error, although it often is. JSLint looks at some style conventions as well as structural problems. It does not prove that your program is correct. It just provides another set of eyes to help spot problems.

De MonsterDebugger is an open source debugger for Adobe Flash, Flex and AIR. De MonsterDebugger is made in Flex and AIR by design studio De Monsters.

I have seen various postings about integration between FlexUnit with Ant, however most solutions seem to require a Flex server. My motivation here was to create an Ant task that has no dependency on a server. That would allow unit tests to be run in autonomously.

...

My solution is comprised of a controlling Ant task, flexunit, and a FlexUnit test runner, JUnitTestRunner, which is shown in the diagram below. The flexunit task starts a socket server running inside of a thread and launches the Flash Player, which runs the tests using the JUnitTestRunner. When JUnitTestRunner has finished running the test it formats the results as per the JUnit XML format and sends them to the flexunit task over an XML Socket, the flexunit task then saves them to disk. We can then use the JUnitReport task to create a report or use CruiseControl to create a report.

Selenium Remote Control (RC) is a test tool that allows you to write automated web application UI tests in any programming language against any HTTP website using any mainstream JavaScript-enabled browser.

JWebUnit is a Java-based testing framework for web applications. It wraps existing testing frameworks such as HtmlUnit and Selenium with a unified, simple testing interface to allow you to quickly test the correctness of your web applications.

HtmlUnit is a "browser for Java programs". It models HTML documents and provides an API that allows you to invoke pages, fill out forms, click links, etc... just like you do in your "normal" browser. It has fairly good JavaScript support (which is constantly improving) and is able to work even with quite complex AJAX libraries, simulating either Firefox or Internet Explorer depending on the configuration you want to use. It is typically used for testing purposes or to retrieve information from web sites.

Bamboo automates the process of compiling and testing source code, saving time and instantly alerting you of build problems.

Here's a tip if you are trying to do some unit testing with Acegi Security - particularly if you are doing role based authorization of method calls on your manager objects via interception. Basically, a secure method interceptor will a) need an authentication token to play with, and b) a way to

find out what authorities the user has.

We need to cater for this when running the tests.