Tag: SAST
Security Across the SDLC
Don Macvittie | | AAS, API security, CSPM, DAST, DDos, development security, devops, DLP, IAST, RASP, SAST, WAAP
Don MacVittie believes we've made progress integrating security across the SDLC, but there's still a ways to go ...
2024: The Year of Testing
Don Macvittie | | application quality, application security, DAST, functional, integration, SAST, sdlc, TDD, testing
Now that AI has made advanced automation a fact, it is time to consider implementing the level of testing we always knew we should have ...
The Security Pipeline
Don Macvittie | | agile, container image scanning, DAST, devsecops, IAST, SAST, SBoM, SCA, security, security integration
Over the last few years, the ability to secure our applications has grown, and deep integration into the DevOps toolchain has, too. There are more tools doing more security checks protecting more ...
Checkmarx Brings Generative AI to SAST and IaC Security Tools
Under an early access program, Checkmarx today made available query builder and guided automation tools that take advantage of OpenAI's generative artificial intelligence (AI) technologies to make it simpler for developers to ...
Mobb Launches Community Edition of Automated Remediation Tool
Mobb today made available a free community edition of a namesake tool that creates fixes to open source vulnerabilities. The fixes are based on the results of code scanning by a static ...
A Seven Point Checklist for Getting SAST Right
Mark Hermeling | | code security, product security, SAST, software quality, Static Application Security Testing
With so many physical products—from automobiles to airplanes and medical devices to industrial control systems—now being driven by software, product security has become a top-level concern for manufacturers. Software flaws can not ...
Addressing Software Supply Chain Security
Tomislav Pericin | | DAST, SAST, SCA, Software Supply Chain, software supply chain attacks, Software Supply Chain Security
It’s essential for organizations to learn more about the software supply chains they rely on and the steps needed to secure them. In just the past few years, we have seen a ...
Update to Open Source ZAP Tool Improves DAST Performance
An update to the OWASP Zed Attack Proxy (ZAP) open source dynamic application security testing (DAST) tool made available today improves performance by employing a multi-threaded passive scanner engine. Version 2.12.0 of ...
Three Ways to Speed up SAST
In modern, continuous software development life cycle (SDLC) processes, when code is written and before it’s committed to the repository, it’s run through testing, which may include unit testing, regression testing or ...
Cycode Expands Scope of AppDev Security Platform
At the Black Hat USA 2022 conference, Cycode this week announced it has added static application security testing (SAST) and container scanning capabilities to its software composition analysis (SCA) platform that is based ...
Turning Off DevSecOps Noise for Functional Fidelity
Analyzing the DevOps and DevSecOps software marketplace demonstrates the high demand for tools and platforms that reduce false positives. As businesses and organizations adopt a rigorous, disciplined software development life cycle and ...
Quick! Define DevSecOps: Let’s Call it Development Security
For a good long while, DevSecOps referred specifically to vendors like Veracode that did static application security scanning, dynamic application security scanning, software composition analysis and some form of runtime monitoring (usually ...
