Software Integrity Blog

Archive for the 'Static Analysis (SAST)' Category


Wading through the alphabet soup of application security testing tools: A guide to SAST, IAST, DAST, and RASP

Every application security testing tool—SAST, IAST, DAST, and RASP—has its distinct advantages, but you’ll get the best results when you use them together.

Continue Reading...

Posted in Infographic, Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security


Maximizing the impact of static analysis

This is the first post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. Aligning static analysis with development goals Application security responsibilities are shifting to the developer as organizations look to produce secure, high-quality software at a competitive pace. Because of […]

Continue Reading...

Posted in Static Analysis (SAST)


Making the skies safe and secure with DO-178C compliance

A little background on DO-178 We live with software failure every day—from cell phones and laptops that crash or hang to headline-grabbing stories of personal data breaches. Software has been used in safety-critical airborne applications for decades, but fatalities caused by software are unheard of in civil aviation. Why this difference? The reason is the […]

Continue Reading...

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Weekly Security Mashup


How RASP complements application security testing to minimize risk

In the era of agile development and outsourcing, implementing a secure software development life cycle (SSDLC) is critical. However, it may not help you achieve the level of risk mitigation you desire. You may need to extend your software security approach to provide an additional layer of protection for applications once they have been deployed. […]

Continue Reading...

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security


Common security challenges in CI/CD workflows

What are the most common security challenges in CI/CD workflows? Organizations report CI/CD security challenges related to tools, approach, speed, false positives, developer resistance, and compliance. Meera Rao, director of the secure development practice at Synopsys, explains how to deal with each one effectively. In a recent webinar that I co-presented with Jay Lyman, principal […]

Continue Reading...

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)


Vulnerable routers are still out there—and hackers are noticing

Vulnerable routers aren’t news Long ago and far away—in 2014, which is indeed long ago and far away in our cutting-edge world of information technology—security gurus like Dan Geer, Jim Gettys, and Bruce Schneier were issuing urgent warnings about the catastrophic insecurity of routers—those devices in our homes that give us access to the World […]

Continue Reading...

Posted in Internet of Things, Static Analysis (SAST)


Coverity now features integrated on-demand developer training

The latest release of Coverity by Synopsys features seamless integration with our completely rebuilt eLearning platform, an on-demand developer training solution focusing on secure coding best practices and security guidance. On-demand developer training enables development teams Synopsys eLearning is an outcome-driven, learner-centric training solution that makes learning about security easy, relevant, and accessible. With eLearning, learners […]

Continue Reading...

Posted in Security Training, Static Analysis (SAST)


Examining Spectre and Meltdown attacks

As you have no doubt heard, Spectre and Meltdown aren’t software bugs that can be fixed in a few days or weeks when a company pushes out a patch. They are part of the architecture of hardware – the chips that run your computer. And you don’t just roll out a patch for hardware. Chips […]

Continue Reading...

Posted in Software Architecture and Design, Static Analysis (SAST)


OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting

Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up. Software Integrity Insight is your resource on the cyber security and open source security news that made headlines […]

Continue Reading...

Posted in Agile, CI/CD & DevOps, Container Security, Medical Device Security, Static Analysis (SAST)


How to integrate SAST into the DevSecOps pipeline in 5 simple steps

Integrating SAST tools into the DevSecOps pipeline is critical to building a sustainable program, but it’s also important to automate them to drive efficiency, consistency, and early detection.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)