Topic: sast

Synopsys releases fAST Dynamic test solution

Synopsys today released a new application security testing solution, fAST Dynamic, that helps organizations find and remediate security vulnerabilities in today’s modern web applications. According to the company’s announcement, fAST Dynamic is built upon scanning technology Synopsys acquired from WhiteHat Security, and adds on to fAST Static and fAST SCA, which were built into the … continue reading

Sonar’s new SAST tool includes support for thousands of open-source libraries

The developer security company Sonar has announced an update to its platform, which will make it even easier for developers to write what Sonar calls “Clean Code,” or code that is “easy to read, maintain, understand and change through structure and consistency yet remains robust and secure to withstand performance demands.” The company has added … continue reading

Asking developers to do security is a risk in itself without training

As the pace and complexity of software development increases, organizations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense, because defects, including security defects, can often be addressed faster and … continue reading

Combining Static Application Security Testing (SAST) and Software Composition Analysis (SCA) Tools

When creating, testing, and deploying software, many development companies now use proprietary software and open source software (OSS). Proprietary software, also known as closed-source or non-free software, includes applications for which the publisher or another person reserves licensing rights to modify, use, or share modifications. Examples include Adobe Flash Player, Adobe Photoshop, macOS, Microsoft … continue reading

SAST, SCA & QA are the best tools to combat hackers’ smaller, more sophisticated attacks

As many organizations are bolstering their security measures, hackers have shifted their focus to smaller and more concentrated attacks, according to Daniel Fonseca, senior solutions engineer at Kiuwan, in the webinar “Preventing common vulnerabilities with Kiuwan’s SAST, SCA, and QA tools.” The National Vulnerability Database (NVD) said there were over 20,000 security vulnerabilities CVE … continue reading

Four core elements of developer-centric SAST

Doing testing early and doing it often is essential in modern software development because it emphasizes the need to integrate software security testing throughout the SDLC. With the evolution of DevSecOps, where speed is vital to software deployment and delivery, it’s important to achieve continuous software assurance to give developers and organizations the confidence that … continue reading

Snyk announces new product innovations and integrations to further developer-led security

Today the developer security company Snyk introduced new product innovations, DigitalOcean and HashiCorp partnerships, and launched Snyk Learn as part of SnykCon 2021. Snyk Code, which offers a dev-first approach to static application security testing tooling, just received support for C#, Ruby, PHP and Go, added to Java, JavaScript, and Python. Also, Snyk Open Source … continue reading

When does SCA replace SAST or DAST?

The short answer is never. There, I just saved you enough time that you can go and do the right thing and run SAST and DAST and work on hardening your code, instead of trying to test security into your application. Look, every time a new technology, process, or technique comes along there are some … continue reading

The future of application security

A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary … continue reading

SD Times news digest: XebiaLabs’ new DevOps Risk and Compliance features, Split’s free Feature Flag Edition, and Google’s changes to its SMS/Call Log policy

XebiaLabs has launched a new security and risk assessment solution for enterprises. The new solution features enhanced chain of custody reporting, a new security risk dashboard for software releases, and new at-a-glance compliance overviews. According to the company, this will help organizations track app release status and understand security better. “To effectively manage software delivery … continue reading

SD Times news digest: WearOS developer preview, Synopsys’ Coverity updates, and Apple App Store prohibits cryptocurrency mining

Google has announced new changes to the WearOS by Google developer preview. According to the company, battery life has been a major focus area. After reviewing developer feedback, the company found users were unhappy with the disabling of alarms and jobs for background apps. As a result, Google is reversing the change and will be … continue reading

WhiteHat Security: Improving application security with DevSecOps

Does the DevSecOps approach make a difference when it comes to improving application security? According to this year’s 12th annual WhiteHat Security “Application Security Statistics Report,” it certainly does. This year’s WhiteHat report includes a case study that details a large health organization’s successful implementation of a DevSecOps approach. According to the study, critical vulnerabilities … continue reading
