SAST is one of the matured security testing methods. In the SAST, the source code is examined from the inside out while components are in a static position. It performs scanning in-house code and design to identify flaws that are reflective of weaknesses, and that could invite security vulnerabilities. The scans performed by SAST tools are dependent upon prior identification of rules that specify coding errors to examine and address.

Organizations that develop mobile apps need to be aware of the potential cyber security threats. These threats can lead to the loss of users' private data, which can have serious repercussions for industries like fintech, healthcare, ecommerce, etc. In order to prevent these malicious practices, Dynamic Application Security Testing (DAST), a security testing tool, has been introduced. It helps to weed out specific vulnerabilities in web applications whenever they run in the production phase.

As we celebrate the first anniversary of Rapid Scan Static, we look back at the growth of our new SAST engine. In June 2021, Synopsys officially released Rapid Scan Static, a feature of Code Sight™ SE and Coverity® by Synopsys and powered by the Sigma scan engine. Rapid Scan Static reduces the noise and friction for developers by providing fast results that enable them to take action earlier in the software development life cycle (SDLC).

The acquisition of WhiteHat Security, the leading the DAST solution provider, is a step toward a more comprehensive, end-to-end portfolio for AppSec. Today, Synopsys closed the acquisition of WhiteHat Security, an application security pioneer and market-segment leading provider of dynamic application security testing (DAST) solutions.

Golang was the first programming language to support fuzzing as a first-class experience in version 1.18. This made it really easy for developers to write fuzz tests. Golang 1.14 introduced native compiler instrumentation for libFuzzer, which enables the use of libFuzzer to fuzz Go code. libFuzzer is one of the most advanced and widely used fuzzing engines and provides the most effective method for Golang Fuzzing.

We are thrilled to announce that we secured our Series A funding round of $12 Million to fulfill our vision of a world where security is a given, not a hope. The round was led by US-based Tola Capital and introduced experienced business angels such as Thomas Dohmke. We will use the funds to add support for more programming languages, provide further dev tool integrations and grow the team.

For consecutive years, applications have remained the top attack vector for black hats, with supply chain attacks not far behind. At the same time, market research indicates that enterprise security managers and software developers continue to complain that their application security tools are cumbersome. When asked, many developers admit that they don’t run security tests as often as they should, and they push code to production even when they know it has security flaws.

The 2022 Gartner® Critical Capabilities for Application Security Testing report provides useful guidance for teams wanting to build an AppSec program optimized for their business needs. There are two cars in my driveway right now. One was built in 1978, and what’s great about it is how easy it is to work on. It’s a simple vehicle, and most repairs can be performed with only a half-dozen tools: two screwdrivers, three wrenches, and a hammer (you always need a hammer).

In our new tech tales series, we discuss how Synopsys customers use our products and services to uncover security risks in their organization. Synopsys customers span every industry—from small to large enterprises across financial services, automotive, public sector, medical and healthcare, and much more. One thing they all have in common is building trust into their software.

Coverage-guided fuzzers, like Jazzer, maximize the amount of executed code during fuzzing. This has proven to produce interesting findings deep inside the codebase. Only checking validation rules on the first application layer isn’t providing great benefits, whereas verifying logic in and interactions of deeply embedded components is. To extend the amount of covered code, the fuzzer tries to mutate its input in such a way that it passes existing checks and reaches yet unknown code paths.