Software Security

Archive for the 'Dynamic Analysis (DAST)' Category


How to create clean images for corporate hardware

Planning an IT initiative can present many challenges, one of which is the choice of software in the organization’s base computer images. When starting out small, it may make sense to buy machines off the shelf if expansion is not anticipated in the near future. However, doing so often means accepting unwanted programs that add […]

Posted in Application Security, Dynamic Analysis (DAST), Security Risk Assessment


Avoiding false positives in application security through customization

With the current increase in tool-based scans throughout the security industry, it becomes all the more challenging to identify the right issues and reduce false positives. For example, for static and dynamic code scanning there are tools and plugins like Fortify, AppScan, and FindBugs. These come with a standard set of default rules for identifying issues. However, […]

Posted in Code Review, Dynamic Analysis (DAST), Software Security Testing, Static Analysis (SAST)


SAST and DAST: Part of a balanced software security initiative

Originally posted on SecurityWeek.

“…is part of this balanced breakfast…” This is the claim of many sugary cereals aimed directly at children. It is also the claim of many vendors in the software security market. Selling cereal targeting children is an interesting proposition. To make the adults that ultimately have to buy the cereal feel […]

Posted in Application Security, Dynamic Analysis (DAST), Software Development Life Cycle (SDLC), Software Security Program Development, Software Security Testing, Static Analysis (SAST)


SAST vs. DAST: What’s the best method for application security testing?

High-profile security breaches are leading to heightened organizational security concerns. Firms around the world are now observing the consequences of security breaches that are becoming more widespread and more advanced. As a result, firms are keen to identify vulnerabilities in their applications and mitigate the risks. Two ways to go about this are static application security testing (SAST) […]

Posted in Application Security, Dynamic Analysis (DAST), Static Analysis (SAST)


Agile methodology and application security: A promising pair

Agile and application security are often spoken of together as oil and water, but are they really? Agile software development happens fast. The high frequency of iterations and releases often translates to wildly dynamic application build structures, with new components/modules added regularly throughout the software development life cycle (SDLC). This iterative approach enables teams to […]

Posted in Agile Methodology, Application Security, Dynamic Analysis (DAST), Penetration Testing, Software Development Life Cycle (SDLC), Static Analysis (SAST), Threat Modeling


SecureAssist helps developers build security into any software development life cycle

The issue

The primary goal of a software developer is to get through the edit, compile, debug workflow as efficiently as possible, ensuring that software is working correctly and is delivered on time. As a result, security isn’t a developer’s top priority. While businesses don’t want to release defective or insecure software, many don’t have […]

Posted in Dynamic Analysis (DAST), Software Development Life Cycle (SDLC), Software Security Testing, Static Analysis (SAST), Vulnerability Assessment


Gary McGraw discusses the security risks of dynamic code

Dynamic languages and the associated development and operations (DevOps) methodologies change and evolve constantly. Because these dynamic aspects of software are intentionally ever-changing, security measures must also be in a constant state of progression. The old-school software security approach relied on searching for defects at the very end of the software development life cycle (SDLC). When considering […]

Posted in Dynamic Analysis (DAST), Security Architecture, Software Security Testing, Vulnerability Assessment


Serving resources over SSL with CSP upgrade-insecure-requests

You know how AppScan Standard and other dynamic testing tools report a finding when an HTTPS page accesses some HTTP resources? How do you fix this issue effectively? Perhaps the owners of those resources already did all the server-side legwork: obtaining a certificate, configuring the server and setting up redirects. And they’ve ensured that the […]

Posted in Application Security, Dynamic Analysis (DAST)


You can’t take a one-size-fits-all approach to application security

What’s in your security toolbox? If you’ve invested in a tool to assist with your security efforts, you’re not alone. According to a recent survey by 451 Research, tool acquisition is on the rise:

- Web application scanning (dynamic scanning) – 60% adoption rate
- Web application firewalls – 38% adoption rate
- Database security – 36% adoption […]

Posted in Application Security, Dynamic Analysis (DAST), Static Analysis (SAST)


Alphabet soup: SAST, DAST, IAST, and RASP explained

Turns out that the most important part of a software security initiative is FIXing the bugs that you FIND no matter how you find the bugs. So just what do all of the alphabet soup tools do? How do they help you fix what you find? And how do they scale? FWIW, tools of all […]

Posted in Application Security, Cloud Security, Dynamic Analysis (DAST), Static Analysis (SAST)