AST

Best Practices for Mobile App Security Testing for Developers & Non-Developers

Jan 5, 2022 By Ron Stefanski In Appknox

Mobile application security testing (MAST) covers a wide range of topics, including authentication, authorization, data security, session management, and vulnerabilities for hacking. The mobile AST market is made up of buyers and sellers of products that identify vulnerabilities and apps used with mobile platforms during or post-development.

Read Post

Appknox

Read more about Best Practices for Mobile App Security Testing for Developers & Non-Developers

A Review of Log4Shell Detection Methods

Dec 22, 2021 By The Veracode Research Team In Veracode

Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to ascertain which tools are best positioned to help detect the vulnerability. Which approaches are most effective and where do they fall short?

Read Post

Veracode

Read more about A Review of Log4Shell Detection Methods

Bug Detectors for log4j Are Now Available in Google's OSS-Fuzz

Dec 22, 2021 By Sergej Dechand In Code Intelligence

To help contain the damages that arise from the log4j vulnerability, Code Intelligence collaborated with Google’s Open Source Security Team. Together, we implemented effective bug detectors for Remote Code Execution Vulnerabilities (RCEs) to Google’s open source fuzzing framework, OSS-Fuzz.

Read Post

Code Intelligence

Read more about Bug Detectors for log4j Are Now Available in Google's OSS-Fuzz

Snyk Code: An Introduction to Dev-First SAST

Dec 21, 2021 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Snyk Code: An Introduction to Dev-First SAST

Snyk Code in 2021: Redefining SAST

Dec 21, 2021 By Frank Fischer In Snyk

Starting in early 2021, Snyk Code and became available as a freemium offering for Snyk users. Snyk Code helps developers quickly and accurately find, prioritize, and fix security flaws in proprietary code. With detailed remediation guidance at every stage of the software development lifecycle (SDLC), from the developer’s environment (IDE) to continuous integration and development (CI/CD) pipelines, Snyk Code revolutionizes static application security testing (SAST).

Read Post

Snyk

Read more about Snyk Code in 2021: Redefining SAST

Finding the log4j RCE With Fuzzing

Dec 13, 2021 By Fabian Meumertzheim In Code Intelligence

On December 9th, 2021, the Remote Code Execution (RCE) CVE-2021-44228 in Apache log4j 2 was published and started seeing active exploitation soon after. Since then, development teams have been working hard and tirelessly, trying to fix the issue to prevent (further) damage.

Read Post

Code Intelligence

Read more about Finding the log4j RCE With Fuzzing

Continuous REST API Testing With CI Fuzz

Dec 10, 2021 By Simon Resch In Code Intelligence

CI Fuzz is a platform for automated security testing that aims to enable developers to ship secure software fast. The platform empowers development teams to automatically deploy continuous REST API security tests with each pull request. Since it enables the instrumentation of entire web service environments, CI Fuzz can create test inputs that are guided by code coverage. This enables it to uncover complex vulnerabilities and edge cases that other tools often overlook.

Read Post