AST

Code Sight Demo Video - SAST & SCA IDE Plugin | Synopsys

Feb 25, 2022 By Synopsys In Synopsys

The Code Sight IDE plugin uses SAST and SCA security scanning to find issues as developers code. Explore how Synopsys's Code Sight can help triage security defects, identify vulnerable open source dependencies, fix issues faster with automated remediation, and more.

View Video

Synopsys

AST
Security

Read more about Code Sight Demo Video - SAST & SCA IDE Plugin | Synopsys

Writing A Java Security Test in Less Than A Minute

Feb 22, 2022 By Code Intelligence In Code Intelligence

Get a glimpse of how our autofuzz mode can be used to test software in less than a minute. Autofuzz is available in.

View Video

Code Intelligence

Read more about Writing A Java Security Test in Less Than A Minute

SAST vs. SCA: 7 Key Differences

Feb 16, 2022 By Ayala Goldstein In Mend

Everybody’s talking about securing the DevOps pipeline and shifting security left.. AppSec tools like SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and others that address issues in proprietary software have become staples of the developer’s security toolbox.

Read Post

Mend

Read more about SAST vs. SCA: 7 Key Differences

Case study: Python RCE vulnerability in Celery

Feb 15, 2022 By Calum Hutton In Snyk

I conducted research based upon existing Python vulnerabilities and identified a common software pattern between them. By utilizing the power of our in-house static analysis engine, which also drives Snyk Code, our static application security testing (SAST) product, I was able to create custom rules and search across a large dataset of open source code, to identify other projects using the same pattern. This led to the discovery of a stored command injection vulnerability in Celery.

Read Post

Snyk

Read more about Case study: Python RCE vulnerability in Celery

WhiteSource SAST: The Next Generation of Application Security

Feb 15, 2022 By Rami Sass In Mend

Today, we announced our entrance into the Static Application Security Testing (SAST) market. It’s a significant development for WhiteSource, which has until now been solely focused on open source software security. In this post, I explain why we decided to make this move beyond open source into proprietary code security, and the value it will bring to developers, security teams, and their organizations.

Read Post

Mend

Read more about WhiteSource SAST: The Next Generation of Application Security

SAST and SCA: Better together with Snyk

Feb 10, 2022 By Daniel Berman In Snyk

As applications become more complex, so does the task of securing them. While the source code making up applications consists of proprietary code, a great deal of it is also third-party, open source code. Development and security teams looking to release secure code while also maintaining a rapid pace of development, need to therefore combine static application security testing (SAST) and software composition analysis (SCA) as part of a comprehensive software security strategy.

Read Post

Snyk

Read more about SAST and SCA: Better together with Snyk

How to Automate Your REST API Testing in 5 Easy Steps

Feb 10, 2022 By Code Intelligence In Code Intelligence

In this coding session, Daniel Teuchert, will demonstrate how to automate your REST API Testing in 5 easy steps. All tools and code examples used in this tutorial are 100% open-source. Content.

View Video

Code Intelligence

Read more about How to Automate Your REST API Testing in 5 Easy Steps

Enhancing PCI compliance security with SAST and SCA

Feb 8, 2022 By DeveloperSteve In Snyk

The Payment Card Industry Data Security Standard, also known as PCI DSS is a thorough process that reviews a company’s systems and policies for handling and storage of sensitive consumer cardholder data.

Read Post

Snyk

Read more about Enhancing PCI compliance security with SAST and SCA

Testing Clojure Code With Jazzer

Jan 10, 2022 By Sebastian Poeplau In Code Intelligence

Jazzer, our fuzzer for the JVM, is already being used with several JVM languages like Java and Kotlin. Recently, a member of the community asked us whether Jazzer can also fuzz Clojure code. The answer is yes, but it wasn't obvious how to set things up. So we've built a small helper library, jazzer-clj, which contains everything you need to get started with Jazzer for Clojure. There's also an example project to demonstrate the setup.

Read Post

Code Intelligence

Read more about Testing Clojure Code With Jazzer

Tooling Overview for API Testing (SAST, DAST, IAST, Fuzzing)

Jan 7, 2022 By Roman Wagner In Code Intelligence

Application Programming Interface (APIs), allow services to communicate with each other. Naturally, applications that are interconnected through many APIs, require thorough security testing, as each connection could potentially include software vulnerabilities. Since there are different methods to test these junctions, I want to briefly discuss the benefits and weaknesses of the most commonly used API testing methods in this article.

Read Post