Unit testing is an important part of software development and is considered a crucial step in ensuring the quality and accuracy of the code. It helps in identifying bugs and issues early on in the development cycle, which ultimately results in delivering high-quality software. Java is renowned for being one of the most versatile languages in programming, and it offers a wide selection of unit testing frameworks and tools.

Static analysis + penetration testing delivers a powerful punch in any software due-diligence effort. In the world of tech merger and acquisition (M&A) transactions, timing is everything. It’s important for prospective buyers and investors to understand as much of the target’s software assets’ security, quality, and legal posture as possible in a brief amount of time. This drives the need to conduct multiple assessments on a target’s code simultaneously.

For the last two years, we’ve been quietly building a new kind of static application security testing (SAST) solution that allows security and engineering teams to assess, prioritize, and remediate security risks and vulnerabilities in their code by what matters most - sensitive data. Today, we are officially announcing its release as an Open Source project, Bearer.

Static Application Security Testing (SAST) tools present a significant opportunity for organizations looking to reduce application security risk. However, not all workflows or tools are created equal. Using the right SAST tools at the right times, you can seamlessly integrate and scale security workflows throughout the software development lifecycle (SDLC).

While modern web applications are growing in complexity, the threat landscape is also constantly evolving. It can be difficult for developers to identify and remediate vulnerabilities in their code, especially if they need more expertise in security. As a result, manual application security testing has become ever more challenging and intricate.

In this post, we will show how you can write fuzz tests for your JavaScript projects in Jest as easily as regular unit tests. To make this possible, we have added integration for Jazzer.js into Jest, which enables you to write fuzz tests using the familiar Jest API. Additionally, you get great IDE support with features such as debugging and test coverage reporting out-of-the-box. This integration enables a smooth user experience with the advanced fuzzing technology provided by Jazzer.js.

As vehicles are becoming increasingly dependent on software, automotive software teams are adopting CI/CD (continuous integration and continuous deployment/delivery). This enables them to build, test, and deploy code faster than ever while simultaneously reducing potential maintenance costs. In automotive projects, functional and security bugs can be highly consequential, especially if they are found in the later stages of software development or, even worse, after shipping.

Below, we’ll take a look at how both DAST as a methodology and DAST as a tool relate to what we do at Detectify. More specifically, we’ll explain how Detectify’s solution applies DAST methodology with an External Attack Surface Management (EASM) mindset to deliver the most value to AppSec and ProdSec teams.