AST

Remote Code Execution Vulnerability Discovered in HSQLDB

Oct 19, 2022 By Roman Wagner In Code Intelligence

19.10.2022 - As part of our goal to continuously improve our vulnerability detectors, we continuously test various open-source projects with Jazzer within OSS-Fuzz. In this case, a test run yielded a severe finding with a potential remote code execution in a HSQLDB (CVE-2022-41853).

Read Post

Code Intelligence

Read more about Remote Code Execution Vulnerability Discovered in HSQLDB

How to Set Up a Fuzz Test in Easy 6 Steps

Oct 18, 2022 By Code Intelligence In Code Intelligence

In this tutorial, I will show you how to set up and run a fuzz test on a C/C++ application, with the CI Fuzz CLI. The CI Fuzz CLI is an easy-to-use fuzzing tool, that enables you to integrate and run fuzz tests directly from your command line. I chose this tool for this tutorial, on how to set up a fuzz test, as it is particularly user-friendly, and as it allows developers to set up and run a fuzz test with only three commands.

View Video

Code Intelligence

AST
Security

Read more about How to Set Up a Fuzz Test in Easy 6 Steps

Code Sight and Rapid Scan Static - Enable Fast & Accurate SAST Scanning in the IDE | Synopsys

Oct 17, 2022 By Synopsys In Synopsys

Synopsys Code Sight plug-in lets you perform fast, deep SAST directly within your IDE. With Rapid Static Scan, you can find vulnerabilities in the IDE and confirm security fixes in real-time as you code, avoid late stage fixes, and more.

View Video

Synopsys

Read more about Code Sight and Rapid Scan Static - Enable Fast & Accurate SAST Scanning in the IDE | Synopsys

The 6 Biggest Challenges of REST API Testing

Oct 6, 2022 By Daniel Teuchert In Code Intelligence

Securing REST APIs is particularly difficult since they are highly interconnected and not designed for manual access. To save time and be more efficient, many developers rely on testing solutions that can automatically detect REST API endpoints and test parameter properties within them. In this article, I want to provide an overview of the 6 biggest challenges of REST API security testing and how test automation can help resolve them.

Read Post

Code Intelligence

Read more about The 6 Biggest Challenges of REST API Testing

How to Find Arbitrary Code Execution Vulnerabilities with Fuzzing

Oct 5, 2022 By Roman Wagner In Code Intelligence

Remember Log4j? Arbitrary code execution bugs are more common than you think, even in memory-safe languages, like Java. Learn how to find these vulnerabilities with fuzzing. Arbitrary code execution vulnerabilities represent one of the most dangerous classes of vulnerabilities in Java applications. Incidents such as Log4Shell clearly demonstrate the impact of these security issues, even in memory-safe languages. They also show that fuzzing can be very effective in finding these vulnerabilities.

Read Post

Code Intelligence

Read more about How to Find Arbitrary Code Execution Vulnerabilities with Fuzzing

Uncovering Hidden Bugs and Vulnerabilities in C/C++ | How to Fuzz Your Code With 3 Commands

Oct 5, 2022 By Code Intelligence In Code Intelligence

CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this stream, I will demonstrate: 1) How to cover the current state of fuzz testing 2) How to set up CLI fuzzing within 3 commands 3) How to uncover multiple bugs and severe memory corruption vulnerabilities

View Video

Code Intelligence

Read more about Uncovering Hidden Bugs and Vulnerabilities in C/C++ | How to Fuzz Your Code With 3 Commands

How to Fuzz Your Code With 3 Commands | Finding Hidden Bugs in C/C++

Oct 5, 2022 By Code Intelligence In Code Intelligence

CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands. In this stream, our expert Jochen will demonstrate: cover the current state of fuzz testing set up CLI fuzzing within 3 commands uncover multiple bugs and severe memory corruption vulnerabilities All code examples and tools used are open-source.

View Video

Code Intelligence

AST
Security

Read more about How to Fuzz Your Code With 3 Commands | Finding Hidden Bugs in C/C++

Code Sight IDE Plugin for Application Security Testing | Synopsys

Oct 5, 2022 By Synopsys In Synopsys

The Synopsys Code Sight IDE plugin helps developers and software engineers produce secure software without changing their workflows or leaving the IDE. Analyze code as you write it, find code quality and security issues, detect vulnerabilities in open source components and dependencies, and get fix recommendations. Code Sight is available for popular IDEs right from the marketplace.

View Video

Synopsys

Read more about Code Sight IDE Plugin for Application Security Testing | Synopsys

Snyk named a 2022 Gartner Peer Insights Customers' Choice for Application Security Testing

Oct 4, 2022 By Tony Sleva In Snyk

Snyk, the leader in developer security, is excited to share that we’ve been named a Customers’ Choice in the 2022 Gartner Peer Insights ‘Voice of the Customer’: Application Security Testing. Gartner defines the Application Security Testing category as products and services designed to analyze and test applications for security vulnerabilities. This distinction is based on meeting or exceeding overall rating, user interest, and adoption.

Read Post

Snyk

Read more about Snyk named a 2022 Gartner Peer Insights Customers' Choice for Application Security Testing

Pair Programming Live: Building SAST & Test Pipeline

Sep 26, 2022 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video