OpenText is releasing a new static application security testing (SAST) tool called Fortify Aviator designed to change the way developers manage application security. Fortify Aviator uses AI to provide intelligent code fix suggestions based on analysis of the existing codebase, which significantly reduces the time developers need to spend on remediating issues. According to the … continue reading
Synopsys today released a new application security testing solution, fAST Dynamic, that helps organizations find and remediate security vulnerabilities in today’s modern web applications. According to the company’s announcement, fAST Dynamic is built upon scanning technology Synopsys acquired from WhiteHat Security, and adds on to fAST Static and fAST SCA, which were built into the … continue reading
The developer security company Sonar has announced an update to its platform, which will make it even easier for developers to write what Sonar calls “Clean Code,” or code that is “easy to read, maintain, understand and change through structure and consistency yet remains robust and secure to withstand performance demands.” The company has added … continue reading
As the pace and complexity of software development increases, organizations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense, because defects, including security defects, can often be addressed faster and … continue reading
When creating, testing, and deploying software, many development companies now use proprietary software and open source software (OSS). Proprietary software, also known as closed-source or non-free software, includes applications for which the publisher or another person reserves licensing rights to modify, use, or share modifications. Examples include Adobe Flash Player, Adobe Photoshop, macOS, Microsoft … continue reading
As many organizations bolster their security measures, hackers have shifted their focus to smaller and more concentrated attacks, according to Daniel Fonseca, senior solutions engineer at Kiuwan, in the webinar “Preventing common vulnerabilities with Kiuwan’s SAST, SCA, and QA tools.” The National Vulnerability Database (NVD) said there were over 20,000 security vulnerabilities CVE … continue reading
Doing testing early and doing it often is essential in modern software development because it emphasizes the need to integrate software security testing throughout the SDLC. With the evolution of DevSecOps, where speed is vital to software deployment and delivery, it’s important to achieve continuous software assurance to give developers and organizations the confidence that … continue reading
Today the developer security company Snyk introduced new product innovations, announced DigitalOcean and HashiCorp partnerships, and launched Snyk Learn as part of SnykCon 2021. Snyk Code, which offers a dev-first approach to static application security testing tooling, just received support for C#, Ruby, PHP and Go, in addition to Java, JavaScript, and Python. Also, Snyk Open Source … continue reading
The short answer is never. There, I just saved you enough time that you can go and do the right thing and run SAST and DAST and work on hardening your code, instead of trying to test security into your application. Look, every time a new technology, process, or technique comes along there are some … continue reading
A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of those of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary … continue reading
XebiaLabs has launched a new security and risk assessment solution for enterprises. The new solution features enhanced chain of custody reporting, a new security risk dashboard for software releases, and new at-a-glance compliance overviews. According to the company, this will help organizations track app release status and understand security better. “To effectively manage software delivery … continue reading
Google has announced new changes to the WearOS by Google developer preview. According to the company, battery life has been a major focus area. After reviewing developer feedback, the company found users were unhappy with the disabling of alarms and jobs for background apps. As a result, Google is reversing the change and will be … continue reading