AST

What Security Practitioners Can Learn from New SAST Vendor Analysis

Sep 19, 2023 By Natalie Tischler In Veracode

Developing and maintaining secure code at scale is hard. Having the right Static Application Security Testing (SAST) solution makes it easier, but how are practitioners to choose? In the following interview, you’ll learn about three emerging trends from detailed analysis of the SAST landscape in The Forrester Wave™: Static Application Security Testing, Q3 2023.

Read Post

Veracode

Read more about What Security Practitioners Can Learn from New SAST Vendor Analysis

DevSecOps Talks - Mitigating the Risks of 3rd Party Code

Sep 14, 2023 By Code Intelligence In Code Intelligence

In today's fast-paced software environment, third-party code has become irreplaceable. With 96% of codebases containing open-source dependencies, the image is clear: open-source is ubiquitous in the development landscape.

View Video

Code Intelligence

Read more about DevSecOps Talks - Mitigating the Risks of 3rd Party Code

Code Intelligence's New LLM-Powered AI-Assistant CI Spark Accelerates Software Security Testing By 15X

Sep 13, 2023 By Code Intelligence In Code Intelligence

CI Spark Combines LLMs and Self-Learning AI to Power the Next Generation of Software Testing.

Read Post

Code Intelligence

Read more about Code Intelligence's New LLM-Powered AI-Assistant CI Spark Accelerates Software Security Testing By 15X

Announcing JFrog SAST: Build Trust and Release Code With Confidence

Sep 13, 2023 By Paul Garden In JFrog

Today’s software applications power almost every aspect of our lives, and ensuring the security of these applications is paramount. Threat actors can cause devastating consequences for companies, leading to financial losses, reputational damage, and legal repercussions. Companies building commercial or in-house applications must adopt robust security measures throughout their software development lifecycle to avoid releasing vulnerable code.

Read Post

JFrog

Read more about Announcing JFrog SAST: Build Trust and Release Code With Confidence

Breaking the Barrier of Dynamic Testing: Detect and Autoconfigure Entry Points With CI Spark

Sep 11, 2023 By Khaled Yakdan In Code Intelligence

Finding deeply hidden and unexpected vulnerabilities early in the development process is key. However, time to invest in proactive tests is limited. Prioritizing speed over security is common. Our new AI-assistant CI Spark closes this gap and enables both speed and security. CI Spark makes use of LLMs to automatically identify attack surfaces and to suggest test code. Tests generated by CI Spark work like a unit test that automatically generates thousands of test cases.

Read Post

Code Intelligence

Read more about Breaking the Barrier of Dynamic Testing: Detect and Autoconfigure Entry Points With CI Spark

How we found a prototype pollution in protobufjs - CVE-2023-36665

Aug 18, 2023 By Code Intelligence In Code Intelligence

In this webinar excerpt, our colleague Peter Samarin demonstrates how our prototype pollution bug detectors were able to uncover a highly severe CVE in the popular JavaScript library protobufjs. This finding puts affected applications at risk of remote code execution and denial of service attacks.

View Video

Code Intelligence

Read more about How we found a prototype pollution in protobufjs - CVE-2023-36665

New Vulnerability in tree-kit: Prototype Pollution - CVE-2023-38894

Aug 16, 2023 By Roman Wagner In Code Intelligence

The maintainers have already released an update fixing the issue. Versions before 0.7.5 are affected and thus vulnerable to Prototype Pollution. We strongly recommend that impacted users upgrade to the newer version that includes the fixes, i.e., version 0.7.5 and above.We have found a new Prototype Pollution vulnerability in the JavaScript package tree-kit in all versions before 0.7.5. The maintainer of tree-kit has released an update that fixed the issue on 21 July 2023.

Read Post

Code Intelligence

Read more about New Vulnerability in tree-kit: Prototype Pollution - CVE-2023-38894

How we found a Prototype Pollution in protobuf.js

Aug 14, 2023 By Code Intelligence In Code Intelligence

Our colleagues Peter Samarin, Norbert Schneider and Fabian Meumertzheim recently built a new bug detector enabling our JavaScript fuzzing engine Jazzer.js to identify Prototype Pollution. This work is now bearing its first fruits: As part of our ongoing collaboration with Google’s OSS-Fuzz, Jazzer.js recently uncovered a new Prototype Pollution vulnerability in protobuf.js (CVE-2023-36665). This finding puts affected applications at risk of remote code execution and denial of service attacks.

View Video

Code Intelligence

Read more about How we found a Prototype Pollution in protobuf.js

The Risks of AI-Generated Code

Aug 9, 2023 By Sergej Dechand In Code Intelligence

AI is fundamentally transforming how we write, test and deploy code. However, AI is not a new phenomenon, as the term was first coined in the 1950s. With the more recent release of ChatGPT, generative AI has taken a huge step forward in delivering this technology to the masses. Especially for development teams, this has enormous potential. Today, AI represents the biggest change since the adoption of cloud computing. However, using it to create code comes with its own risks.

Read Post

Code Intelligence

Read more about The Risks of AI-Generated Code

Synopsys and NowSecure join forces

Aug 8, 2023 By Vishrut Iyengar In Synopsys

Synopsys + NowSecure partnership delivers automated, continuous MAST solution. Mobile applications have become an integral part of our daily lives, and with their increasing prevalence, the need for robust security measures has never been more critical. Recognizing this, Synopsys is enhancing its mobile application security testing (MAST) offering through a strategic partnership with NowSecure.

Read Post