AST

Production-safe DAST: Your secret weapon against threat actors

Mar 23, 2023 By Vishrut Iyengar In Synopsys

Production-safe DAST with WhiteHat Dynamic enables critical security scans in the software production environment. Software powers modern businesses, but these ever-evolving applications and systems can also include vulnerabilities that threat actors can exploit to disrupt, threaten, and steal critical data. But fear not: Robust security processes can mitigate most of these risks and ensure that new features and updates are properly tested.

Read Post

Synopsys

Read more about Production-safe DAST: Your secret weapon against threat actors

Expression DoS Vulnerability Found in Spring - CVE-2023-20861

Mar 22, 2023 By Dae Glendowne In Code Intelligence

As part of our efforts to improve the security of open-source software, we continuously test open-source projects with our JVM fuzzing engine Jazzer in Google’s OSS-Fuzz. One of our tests yielded a Denial of Service vulnerability in the Spring Framework (CVE-2023-20861). Spring is one of the most widely used frameworks for developing web applications in Java. As a result, vulnerabilities have an amplified impact on all applications that rely on the vulnerable version.

Read Post

Code Intelligence

Read more about Expression DoS Vulnerability Found in Spring - CVE-2023-20861

CI Rewind - Historical Vulnerabilities in the Automotive Space

Mar 17, 2023 By Code Intelligence In Code Intelligence

Join our CI Rewind and Learn how to Identify and Fix Common Bugs in Automotive Software In this replay of his talk at FuzzCon Europe - Automotive Edition 2022, CARIAD's Andreas Weichslgartner shows how contemporary software engineering can help to write more secure code and detect vulnerabilities already during development. He revisits historical vulnerabilities in the automotive space and take a look at common classes of bugs present in embedded software.

View Video

Code Intelligence

AST
Security

Read more about CI Rewind - Historical Vulnerabilities in the Automotive Space

Mend SAST Administration - User Interface Walkthrough

Mar 15, 2023 By Mend In Mend

Mend SAST is a SAST (Static Application Security Testing) solution for performing deep and extensive security analysis of application source code. Mend SAST is easy to use, requires almost no user input, and can be deployed during or after development with easy integration into a DevOps environment and CI/CD pipeline. The solution provides an excellent way to automate code inspection as an alternative to the demanding and time-consuming procedure of manual code reviews. Mend SAST supports all major languages and their frameworks, from Android Java to Xamarin C#.

View Video

Mend

Read more about Mend SAST Administration - User Interface Walkthrough

11 Tips for Unit Testing in Java

Mar 14, 2023 By Josh Grant In Code Intelligence

Unit testing is an important part of software development and is considered a crucial step in ensuring the quality and accuracy of the code. It helps in identifying bugs and issues early on in the development cycle, which ultimately results in delivering high-quality software. Java is renowned for being one of the most versatile languages in programming, and it offers a wide selection of unit testing frameworks and tools.

Read Post

Code Intelligence

Read more about 11 Tips for Unit Testing in Java

Securing a GraphQL API

Mar 10, 2023 By Code Intelligence In Code Intelligence

View Video

Code Intelligence

Read more about Securing a GraphQL API

Static analysis + penetration testing = More than the sum of their parts

Mar 10, 2023 By Phil Odence In Synopsys

Static analysis + penetration testing delivers a powerful punch in any software due-diligence effort. In the world of tech merger and acquisition (M&A) transactions, timing is everything. It’s important for prospective buyers and investors to understand as much of the target’s software assets’ security, quality, and legal posture as possible in a brief amount of time. This drives the need to conduct multiple assessments on a target’s code simultaneously.

Read Post

Synopsys

Read more about Static analysis + penetration testing = More than the sum of their parts

We are open sourcing our SAST solution!

Mar 7, 2023 By Guillaume Montard In Bearer

For the last two years, we’ve been quietly building a new kind of static application security testing (SAST) solution that allows security and engineering teams to assess, prioritize, and remediate security risks and vulnerabilities in their code by what matters most - sensitive data. Today, we are officially announcing its release as an Open Source project, Bearer.

Read Post

Bearer

Read more about We are open sourcing our SAST solution!

CI Rewind - Introduction to JavaScript Fuzzing

Mar 3, 2023 By Code Intelligence In Code Intelligence

JavaScript is widely used in backend and frontend applications that rely on trust and good user experience, including e-commerce platforms, and consumer-apps. Fuzz testing helps secure these applications against bugs and vulnerabilities that cause downtime and other security issues, such as Crashes, Denial-of-Service (DoS) and Uncaught Exceptions. In this session, you will learn about.

View Video

Code Intelligence

Read more about CI Rewind - Introduction to JavaScript Fuzzing

SAST Tools: How to Integrate and Scale Security Workflows in the SDLC

Feb 28, 2023 By Juan In Veracode

Static Application Security Testing (SAST) tools present a significant opportunity for organizations looking to reduce application security risk. However, not all workflows or tools are created equal. Using the right SAST tools at the right times, you can seamlessly integrate and scale security workflows throughout the software development lifecycle (SDLC).

Read Post