With apologies to the late Douglas Adams, writing a checker is hard. You just won’t believe how vastly, hugely, mind-bogglingly hard it is. I mean, you may think it’s difficult to pull together a purchase order for a new bit of software, but that’s just peanuts to writing a checker.
Posted in Static Analysis (SAST) | Don’t Panic: Write checkers using CodeXM
Each application security testing tool (e.g., SAST, IAST, DAST, RASP) has distinct advantages, but you’ll get the best results when you use them together.
Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security | The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP
This is the first post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals.
Posted in Static Analysis (SAST) | Maximizing the impact of static analysis
A little background on DO-178
We live with software failure every day—from cell phones and laptops that crash or hang to headline-grabbing stories of personal data breaches. Software has been used in safety-critical airborne applications for decades, but fatalities caused by software are unheard of in civil aviation. Why this difference? The reason is the way airborne software is certified, following the objectives defined in DO-178.
Posted in Static Analysis (SAST) | Making the skies safe and secure with DO-178C compliance
What are the most common security challenges in CI/CD workflows? Organizations report CI/CD security challenges related to tools, approach, speed, false positives, developer resistance, and compliance.
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Webinars | Common security challenges in CI/CD workflows
Vulnerable routers aren’t news
Long ago and far away—in 2014, which is indeed long ago and far away in our cutting-edge world of information technology—security gurus like Dan Geer, Jim Gettys, and Bruce Schneier were issuing urgent warnings about the catastrophic insecurity of routers—those devices in our homes that give us access to the World Wide Web.
Posted in Internet of Things, Static Analysis (SAST) | Vulnerable routers are still out there—and hackers are noticing
Traditional software security can be too slow for DevOps. The answer: DevSecOps. To create secure software quickly, you need automated static analysis.
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST) | Enable DevSecOps with Coverity: Deliver secure code faster
The latest release of Coverity by Synopsys features seamless integration with our completely rebuilt eLearning platform, an on-demand developer training solution focusing on secure coding best practices and security guidance.
On-demand developer training enables development teams
Synopsys eLearning is an outcome-driven, learner-centric training solution that makes learning about security easy, relevant, and accessible. With eLearning, learners have on-demand access to an immersive, continuous learning ecosystem that unifies security expertise, instructional design, and storytelling into an intuitive platform. Features include:
Posted in Security Training, Static Analysis (SAST) | Coverity now features integrated on-demand developer training
Integrating SAST tools into the DevSecOps pipeline is critical to building a sustainable program, but it’s also important to automate them to drive efficiency, consistency, and early detection.
Posted in Agile, CI/CD & DevOps, Static Analysis (SAST) | How to integrate SAST into the DevSecOps pipeline in 5 simple steps