Software Integrity Blog

Archive for the 'Static Analysis (SAST)' Category

 

Let’s write a CodeXM checker (it’s not rocket science!)

All systems are go. We have liftoff. Let’s write some CodeXM.

Posted in Static Analysis (SAST)

 

Securing applications with Coverity’s static analysis results

This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

 

CodeXM: Awesome code checker power (itty-bitty learning curve!)

What you need to know, and (more importantly) what you don’t, about the CodeXM checkers.

Posted in Static Analysis (SAST)

 

Integrating Coverity static analysis into development workflows

This is the second post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

 

Spectre checker keeps up with the latest exploits

In a recent blog post, Detecting Spectre vulnerability exploits with static analysis, we showed how developers can use static analysis to help protect their applications from the Spectre variant 1 vulnerability (bounds check bypass). Synopsys Software Integrity Group released a checker for Coverity (AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK) that helps developers identify vulnerable code. The result is increased protection against Spectre without the performance cost of completely forgoing speculative execution.
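The bounds-check-bypass pattern that a checker like AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK looks for, shown next to a hardened version, as an added example that is not code from the original post or from Synopsys/Coverity. The array names, sizes and demo data are constructed for illustration; the branchless mask follows the idea of the Linux kernel's array_index_mask_nospec() rather than any Coverity-supplied fix.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY1_SIZE 16
#define CACHE_LINE  64

/* Constructed demo data (not from the original post). */
static uint8_t array1[ARRAY1_SIZE];
static uint8_t array2[256 * CACHE_LINE];   /* probe array: one cache line per byte value */
static int demo_ready = 0;

static void ensure_demo_data(void)
{
    if (demo_ready) return;
    for (size_t i = 0; i < ARRAY1_SIZE; i++) array1[i] = (uint8_t)i;
    for (size_t v = 0; v < 256; v++) array2[v * CACHE_LINE] = (uint8_t)v;
    demo_ready = 1;
}

/* VULNERABLE: the classic variant 1 gadget. Architecturally the check holds, but
 * if the branch predictor guesses "taken" for an out-of-bounds x, the CPU
 * transiently reads array1[x] (which may be secret memory elsewhere in the
 * process) and touches array2[secret * CACHE_LINE]; the cache footprint
 * survives the squash and can be recovered by timing. */
uint8_t victim_vulnerable(size_t x)
{
    uint8_t y = 0;
    ensure_demo_data();
    if (x < ARRAY1_SIZE) {
        y = array2[array1[x] * CACHE_LINE];
    }
    return y;
}

/* Branchless mask in the spirit of the kernel's array_index_mask_nospec():
 * all-ones when index < size, zero otherwise, with no branch for the predictor
 * to speculate past. size must be > 0. */
static inline size_t index_mask_nospec(size_t index, size_t size)
{
    const unsigned top = sizeof(size_t) * CHAR_BIT - 1;
    /* The top bit of t is set exactly when index >= size: either index itself
     * is huge, or (size - 1 - index) wrapped around. */
    size_t t = index | (size - 1 - index);
    size_t in_bounds = (~t) >> top;          /* 1 if index < size, else 0 */
    return (size_t)0 - in_bounds;            /* 0 -> 0, 1 -> SIZE_MAX */
}

/* HARDENED: same logic, but the index is forced to 0 on the mispredicted path,
 * so the transient load cannot leave array1. Inserting an LFENCE after the
 * check is the other standard fix; masking avoids the serialization cost. */
uint8_t victim_hardened(size_t x)
{
    uint8_t y = 0;
    ensure_demo_data();
    if (x < ARRAY1_SIZE) {
        x &= index_mask_nospec(x, ARRAY1_SIZE);
        y = array2[array1[x] * CACHE_LINE];
    }
    return y;
}

int main(void)
{
    printf("x=5   vulnerable=%u hardened=%u\n",
           victim_vulnerable(5), victim_hardened(5));
    printf("x=100 vulnerable=%u hardened=%u (both 0 architecturally)\n",
           victim_vulnerable(100), victim_hardened(100));
    printf("mask(5,16)=%zx mask(16,16)=%zx\n",
           index_mask_nospec(5, 16), index_mask_nospec(16, 16));
    return 0;
}
```

Both victims return the same values at the architectural level; the difference is only what happens on the speculative path, which is why a static checker is needed to find the pattern. Note that an optimizing compiler can fold the mask away once it proves x < ARRAY1_SIZE inside the branch, so production code wraps the mask in an inline-asm barrier (as the kernel does) or relies on compiler support such as clang's -mspeculative-load-hardening or MSVC's /Qspectre.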

Posted in Static Analysis (SAST)

 

Don’t Panic: Write checkers using CodeXM

With apologies to the late Douglas Adams, writing a checker is hard. You just won’t believe how vastly, hugely, mind-bogglingly hard it is. I mean, you may think it’s difficult to pull together a purchase order for a new bit of software, but that’s just peanuts to writing a checker.

Posted in Static Analysis (SAST)

 

The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

Each application security testing tool (e.g., SAST, IAST, DAST, RASP) has distinct advantages, but you’ll get the best results when you use them together.

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security

 

Maximizing the impact of static analysis

This is the first post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals.

Posted in Static Analysis (SAST)

 

Making the skies safe and secure with DO-178C compliance

A little background on DO-178

We live with software failure every day—from cell phones and laptops that crash or hang to headline-grabbing stories of personal data breaches. Software has been used in safety-critical airborne applications for decades, but fatalities caused by software are unheard of in civil aviation. Why this difference? The reason is the way airborne software is certified, following the objectives defined in DO-178.

Posted in Static Analysis (SAST)

 

Common security challenges in CI/CD workflows

What are the most common security challenges in CI/CD workflows? Organizations report CI/CD security challenges related to tools, approach, speed, false positives, developer resistance, and compliance.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)