Software Integrity Blog

Search Results for 'pen testing'

Pen testing best practices to take the pain out of penetration testing

I encounter many techies who love the science of penetration testing. They’re captivated by the technology stack, the vulnerabilities, and the tools at their disposal. But, at the same time, they find the task of pen testing itself aggravating and stressful. A real pain. Why is that? I noticed a common theme in their explanations when asked—the fun of breaking something is offset by the irritation of the overhead and mundane tasks required to get to the fun part. These individuals are my associates, my clients, and my friends. I recently started pondering how I could help them remove this pain from pen testing. I was especially perplexed because I knew these techies to be just that—exceptionally technically knowledgeable and capable.

Posted in Web Application Security

Is pen testing security testing?

Some people start “Security Testing” by buying and using a pen-test tool on a project. Such tools uncover security vulnerabilities (though they seldom help with root cause analysis or even obtaining double-digit code coverage).

Posted in Web Application Security

Software security myth #3: Penetration testing solves everything

Security testing is important. Conducting specialized penetration tests at the end of the software development life cycle (SDLC) can be a rewarding security activity for your organization. Penetration testing is, after all, the most frequently and commonly applied of all software security practices. But, this isn’t necessarily a good thing.

Posted in Software Architecture and Design, Web Application Security

Is conventional penetration testing enough to secure e-commerce applications?

To secure e-commerce applications, you need more than conventional penetration testing. Learn how to secure your retail apps against the most common threats.

Posted in Software Architecture and Design, Web Application Security

Synopsys named a leader in the 2019 Gartner MQ for Application Security Testing—3 years running

In the 2019 Gartner Magic Quadrant for Application Security Testing, Synopsys leads the field for our ability to execute and our completeness of vision.

Posted in Featured, General

How to choose between enterprise and open source static analysis

Both enterprise and open source static analysis tools can boost your application security program. But each has its strengths. Learn more before you choose one.

Posted in Static Analysis (SAST)

Seeker: Bringing security testing to QA

Security testing in QA was once difficult to achieve, but the advent of interactive application security testing makes it a reality for many organizations.

Posted in Interactive Application Security Testing (IAST)

How to improve software security testing in the auto industry

In the automotive industry, security is safety. And auto software security testing, like all security testing, needs to shift left to be effective.

Posted in Automotive Security

3 takeaways from “Managing the Business Risks of Open Source” webinar

Managing open source risk is essential today, when open source use is abundant but can threaten your business. Here are three key points from our webinar.

Posted in General, Open Source Security, Webinars

Preparing for an open source audit: Which software assets are worth analyzing?

In an open source software audit, you should scan all software assets required to build your applications. But how do you identify and locate them?

Posted in Open Source Security