AST

Snyk and StackHawk form strategic alliance to equip app teams with modern, developer-first security testing

May 1, 2022 By David Lugo In Snyk

Application innovation, design, development, quality assurance, and security testing have changed dramatically over the past decade. Engineering teams are leveraging agile development processes, modern cloud platforms, reusable microservices, and extensible APIs, enabling them to shift to more frequent deployments more easily.

Read Post

Snyk

Read more about Snyk and StackHawk form strategic alliance to equip app teams with modern, developer-first security testing

Synopsys to expand portfolio, SaaS offerings with WhiteHat Security acquisition

Apr 27, 2022 By Jason Schmitt In Synopsys

Synopsys has signed a definitive agreement to acquire WhiteHat Security, a market-segment leading provider of dynamic application security testing (DAST) solutions.

Read Post

Synopsys

Read more about Synopsys to expand portfolio, SaaS offerings with WhiteHat Security acquisition

Veracode Named A Leader In The 2022 Gartner® Magic Quadrant For Application Security Testing For Ninth Consecutive Time

Apr 21, 2022 By Veracode In Veracode

Also recognized as a 2021 Customers' Choice for Application Security Testing.

Read Post

Veracode

Read more about Veracode Named A Leader In The 2022 Gartner® Magic Quadrant For Application Security Testing For Ninth Consecutive Time

Reduce risks of data breaches throughout your development lifecycle with the new Bearer GitHub Action

Apr 19, 2022 By Tanguy Joannot In Bearer

Bearer is a Static Application Security Testing (SAST) tool that enables security and engineering teams to identify and mitigate data security risks throughout the software development lifecycle. It integrates with Source Code Management (SCM) software (see Git repository integrations for more details) to scan your code repositories, discover and classify data flows, and detect gaps with your data security policy.

Read Post

Bearer

Read more about Reduce risks of data breaches throughout your development lifecycle with the new Bearer GitHub Action

Modernizing SAST rules maintenance to catch vulnerabilities faster

Apr 19, 2022 By Frank Fischer In Snyk

Snyk Code separates itself from the majority of static code analysis tools by generating and maintaining rule sets for its users — helping them combat common and newly discovered threats. A recent Hub article described a new Javascript vulnerability called prototype pollution, which allows attackers to modify, or “pollute”, a Javascript object prototype and execute a variety of malicious actions.

Read Post

Snyk

Read more about Modernizing SAST rules maintenance to catch vulnerabilities faster

Snyk and StackHawk: How to Get Started (SAST and DAST)

Apr 15, 2022 By Snyk In Snyk

In this video, learn how to connect your Snyk SAST project with your StackHawk DAST apps for comprehensive and correlated results in a single view. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

AST
Security

Read more about Snyk and StackHawk: How to Get Started (SAST and DAST)

CI Fuzz Demo | Security Testing Made for Developers

Apr 1, 2022 By Code Intelligence In Code Intelligence

Debug your software in a few clicks. Combine the advantages of both static and dynamic code analysis, with instrumented fuzz testing to ship secure software, and run automated security checks to achieve maximum code coverage without false positives.

View Video

Code Intelligence

AST
Security

Read more about CI Fuzz Demo | Security Testing Made for Developers

How To Set A Benchmark Of False Positives With SAST Tools

Mar 24, 2022 By Alfrick Opidi In Mend

Many Static Application Security Testing (SAST) tools struggle with false positives. They often report that a vulnerability is present, while, in reality, it does not exist. This inaccuracy weighs down the engineering team, as they spend productive hours triaging the false alarms. By setting a benchmark of false positives — a limit, above which is unacceptable — you can establish a point of reference or standard against which to measure the efficacy of your SAST tool.

Read Post

Mend

Read more about How To Set A Benchmark Of False Positives With SAST Tools

Best SAST Tools: Top 7 Solutions Compared

Mar 17, 2022 By Adam Murray In Mend

Static application security testing (SAST) tools automatically scan the source code of an application. The goal is to identify vulnerabilities before deployment. SAST tools perform white-box testing, which involves analyzing the code based on inside knowledge of the application. SAST offers granularity in detecting vulnerabilities, providing an assessment down to the line of code.

Read Post

Mend

Read more about Best SAST Tools: Top 7 Solutions Compared

How To Address SAST False Positives In Application Security Testing

Mar 10, 2022 By Alfrick Opidi In Mend

Static Application Security Testing (SAST) is an effective and well-established application security testing technology. It allows developers to create high-quality and secure software that is resistant to the kinds of attacks that have grown more prevalent in recent years. However, the challenge with SAST is that it tends to produce a high number of false positives that waste the time of your engineering team. In this blog we take a look at SAST and the problem of false positives.

Read Post