Software Integrity

Search Results for 'dynamic analysis'

Static analysis tools: Are they the best for finding bugs?

Before we can dig deeper into the topic of static analysis, we must first understand how it works. Once a foundation has been established, we’ll then analyze a variety of scenarios to determine when static analysis tools are the best method to find security bugs. What is static analysis? Static analysis refers to the examination […]

Posted in Static Analysis (SAST)

Gary McGraw discusses the security risks of dynamic code

Dynamic languages and the associated development and operations (DevOps) methodologies change and evolve constantly. Because these dynamic aspects of software are intentionally ever-changing, security measures must also be in a constant state of progression. The old-school software security approach relied on searching for defects at the very end of the software development life cycle (SDLC). When considering […]

Posted in Software Architecture and Design, Web Application Security

Static analysis for security

What is static analysis for security? Read about what it’s supposed to do, the best approaches, its limitations, and what to look for in a good static analysis tool. The original version of this article was published in IEEE Security & Privacy magazine. All software projects are guaranteed to have one artifact in common—source code. Together […]

Posted in Static Analysis (SAST)

Half a billion IoT devices vulnerable, breaches at Homeland Security, FedEx, and the fastest growing cyberthreat

Software Integrity Insight is switching over to a monthly schedule, but we’ll still bring you the best SAST, DAST, and SCA security news as we find it. And don’t despair: You can still get your weekly fix of application security (and insecurity) news by following our colleague Taylor Armerding’s video blog, Security Mashup. With so […]

Posted in Open Source Security

How RASP complements application security testing to minimize risk

In the era of agile development and outsourcing, implementing a secure software development life cycle (SSDLC) is critical. However, it may not help you achieve the level of risk mitigation you desire. You may need to extend your software security approach to provide an additional layer of protection for applications once they have been deployed. […]

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security

Bad Signal gets quick fix

It looked like a bright spot in a gloomy week for the encrypted messaging app Signal. And it was, in fact, a positive thing—a patch for a serious XSS (cross-site scripting) vulnerability that the company made available only hours after a public report of the problem. It just wasn’t quite as bright a moment as […]

Posted in Software Architecture and Design

Do security and quality really belong in the same conversation?

In software development shops across the world there is a strong emphasis on quality over security. But these two key practices in the development process are not mutually exclusive. They are, in fact, two sides of the same coin, joined together by their similar processes, artifacts, and goals. These include testing the software for defects, […]

Posted in Uncategorized

Software integrity is a journey, not a destination

As software evolves, there is an underlying focus on a goal (or set of goals). From an organizational perspective, software security is an operation that protects critical business practices. Thus, it should become a habitual element of the development process—in the same way that quality implications are considered to meet specific goals. This proactive point of […]

Posted in Uncategorized

CVE-2017-2636 strikes Linux kernel with double free vulnerability

We often talk about how open source is not less secure (or more secure) than commercial software. For one thing, commercial software contains so much open source that it’s difficult to find anything that doesn’t include open source. There are, however, characteristics of open source that make it attractive to attackers when vulnerabilities are disclosed. Briefly, when […]

Posted in Open Source Security

Do you have the right tools in your application security toolkit?

RSA Conference 2017 is just a few weeks away and all you need to do to get a sense of the mind-boggling array of security solutions on the market is to take a walk through one of the two massive expo halls. Even if your search is focused on application security solutions, the wide variety […]

Posted in Static Analysis (SAST), Web Application Security