Software Integrity Blog

Archive for the 'Static Analysis (SAST)' Category

Don’t Panic: Write checkers using CodeXM

With apologies to the late Douglas Adams, writing a checker is hard. You just won’t believe how vastly, hugely, mind-bogglingly hard it is. I mean, you may think it’s difficult to pull together a purchase order for a new bit of software, but that’s just peanuts to writing a checker.

Posted in Static Analysis (SAST)

The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

Each application security testing tool (e.g., SAST, IAST, DAST, RASP) has distinct advantages, but you’ll get the best results when you use them together.

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security

Maximizing the impact of static analysis

This is the first post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals.

Posted in Static Analysis (SAST)

Making the skies safe and secure with DO-178C compliance

A little background on DO-178

We live with software failure every day—from cell phones and laptops that crash or hang to headline-grabbing stories of personal data breaches. Software has been used in safety-critical airborne applications for decades, but fatalities caused by software are unheard of in civil aviation. Why this difference? The reason is the way airborne software is certified, following the objectives defined in DO-178.

Posted in Static Analysis (SAST)

Common security challenges in CI/CD workflows

What are the most common security challenges in CI/CD workflows? Organizations report CI/CD security challenges related to tools, approach, speed, false positives, developer resistance, and compliance.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST), Webinars

Vulnerable routers are still out there—and hackers are noticing

Vulnerable routers aren’t news

Long ago and far away—in 2014, which is indeed long ago and far away in our cutting-edge world of information technology—security gurus like Dan Geer, Jim Gettys, and Bruce Schneier were issuing urgent warnings about the catastrophic insecurity of routers—those devices in our homes that give us access to the World Wide Web.

Posted in Internet of Things, Static Analysis (SAST)

Enable DevSecOps with Coverity: Deliver secure code faster

Traditional software security can be too slow for DevOps. The answer: DevSecOps. To create secure software quickly, you need automated static analysis.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

Coverity now features integrated on-demand developer training

The latest release of Coverity by Synopsys features seamless integration with our completely rebuilt eLearning platform, an on-demand developer training solution focusing on secure coding best practices and security guidance.

On-demand developer training enables development teams

Synopsys eLearning is an outcome-driven, learner-centric training solution that makes learning about security easy, relevant, and accessible. With eLearning, learners have on-demand access to an immersive, continuous learning ecosystem that unifies security expertise, instructional design, and storytelling into an intuitive platform. Features include:

Posted in Security Training, Static Analysis (SAST)

Examining Spectre and Meltdown attacks

Posted in Software Architecture and Design, Static Analysis (SAST)

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

Integrating SAST tools into the DevSecOps pipeline is critical to building a sustainable program, but it’s also important to automate them to drive efficiency, consistency, and early detection.

Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)