Software Integrity

Archive for the 'Dynamic Analysis (DAST)' Category

 

Get the latest resource helping development teams overcome widespread challenges

Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because […]

Posted in Application Security, Dynamic Analysis (DAST), Fuzz Testing, Interactive Application Security Testing (IAST), Security Training, Software Quality, Static Analysis (SAST)

 

How to create clean images for corporate hardware

Planning an IT initiative can present many challenges, one of which is the choice of software in the organization’s base computer images. When starting out small, it may make sense to buy machines off the shelf if expansion is not anticipated in the near future. However, choosing to do so often includes unwanted programs that add […]

Posted in Application Security, Dynamic Analysis (DAST), Security Risk Assessment

 

Do you have the right tools in your application security toolkit?

RSA Conference 2017 is just a few weeks away and all you need to do to get a sense of the mind-boggling array of security solutions on the market is to take a walk through one of the two massive expo halls. Even if your search is focused on application security solutions, the wide variety […]

Posted in Application Security, Dynamic Analysis (DAST), Static Analysis (SAST)

 

Application security testing tools: A question of when not which

As a “non-tech” attendee at Black Duck’s Flight16 user conference, I had my work cut out for me keeping track of all the buzzwords and acronyms. However, after attending Mike Pittenger’s session, “Filling Your AppSec Toolbox,” I learned a lot about some of the most important application security testing tools in the world of […]

Posted in Application Security, Dynamic Analysis (DAST), Security Conference or Event, Software Security Testing, Static Analysis (SAST)

 

Avoiding false positives in application security through customization

With the current increase in tool-based scans throughout the security industry, it becomes all the more challenging to identify the right issues and reduce false positives. For example, with static and dynamic code scanning there are tools and plugins like Fortify, AppScan, and FindBugs. These come with a standard set of default rules to identify the issues. However, […]

Posted in Code Review, Dynamic Analysis (DAST), Software Security Testing, Static Analysis (SAST)

 

SAST and DAST: Part of a balanced software security initiative

Originally posted on SecurityWeek. “…is part of this balanced breakfast…” This is the claim of many sugary cereals aimed directly at children. It is also the claim of many vendors in the software security market. Selling cereal targeting children is an interesting proposition. To make the adults that ultimately have to buy the cereal feel […]

Posted in Application Security, Dynamic Analysis (DAST), Software Development Life Cycle (SDLC), Software Security Program Development, Software Security Testing, Static Analysis (SAST)

 

SAST vs. DAST: What’s the best method for application security testing?

High-profile security breaches are leading to heightened organizational security concerns. Firms around the world are now observing the consequences of security breaches that are becoming more widespread and more advanced. Due to this, firms are ready to identify vulnerabilities in their applications and mitigate the risks. Two ways to go about this are static application security testing (SAST) […]

Posted in Application Security, Dynamic Analysis (DAST), Static Analysis (SAST)

 

Agile methodology and application security: A promising pair

Agile and application security are often spoken of together as oil and water, but are they really? Agile software development happens fast. The high frequency of iterations and releases often translates to wildly dynamic application build structures, with new components/modules added regularly throughout the software development life cycle (SDLC). This iterative approach enables teams to […]

Posted in Agile Methodology, Application Security, Dynamic Analysis (DAST), Penetration Testing, Software Development Life Cycle (SDLC), Static Analysis (SAST), Threat Modeling

 

SecureAssist helps developers build security into any software development life cycle

The issue: The primary goal of a software developer is to get through the edit, compile, debug workflow as efficiently as possible, ensuring that software is working correctly and is delivered on time. As a result, security isn’t a developer’s top priority. While businesses don’t want to release defective or insecure software, many don’t have […]

Posted in Dynamic Analysis (DAST), Software Development Life Cycle (SDLC), Software Security Testing, Static Analysis (SAST), Vulnerability Assessment

 

Gary McGraw discusses the security risks of dynamic code

Dynamic language and associated development and operations (DevOps) methodologies change and evolve constantly. Due to these intentionally ever-changing dynamic aspects of software, security measures must also be in a constant state of progression. The old-school software security approach relied on searching for defects at the very end of the software development life cycle (SDLC). When considering […]

Posted in Dynamic Analysis (DAST), Security Architecture, Software Security Testing, Vulnerability Assessment