Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2023

Unit Testing vs Fuzz Testing - Two Sides of the Same Coin?

Most developers, including myself, have written unit tests before. Fuzz testing on the other hand has only started seeing widespread industry usage in recent years. Yet, some voices are already praising fuzz testing as the more effective approach, due to its ability to automatically generate negative and invalid test inputs. Let's put this claim to the test and see how these two approaches match up.

WhiteHat Dynamic Application Security Testing (DAST) | Synopsys

WhiteHat Dynamic detects vulnerabilities in running web apps before they can be exploited, it's 100% production safe, continuously adaptive, delivers actionable results with near-zero false positives, cloud-based, and adapts to app updates to help organizations detect and respond to vulnerabilities.

How to Test a Java Application

Creating effective test cases and the right testing strategy for Java applications can be a time-consuming and complex task. This is where specialized testing solutions come in. With the right setup, developers can catch bugs early in the development process, before they become more difficult and expensive to fix. Additionally, testing methods can help identify and mitigate security vulnerabilities, which is critical for protecting sensitive data and maintaining the integrity of the application.

Why do we need a new approach to SAST?

Many companies provide legacy static application security testing (SAST) tools or engines, but their usefulness has not kept pace with the needs of an application-driven world. In order to succeed, businesses need a modern approach to SAST that will greatly improve it’s value in the software development lifecycle. In this blog, I look at the problems with traditional SAST tools, why there needs to be a change of approach in the SAST market, and what the future holds for SAST.

7 Challenges of Embedded Software Security Testing in 2023

We live in a world that depends on embedded software. It’s in the cars we drive, the elevators we take and the airplanes we travel in. As these systems become more and more complex, it becomes increasingly challenging to ensure that the interaction between embedded software and hardware remains functional and secure. Due to the nature of embedded systems and the devastating consequences of failures, many traditional testing methods fall short of providing adequate security for them.

How Code Coverage Helped Me Find 3 SQL Injections

For web applications with a login, it is kind of obvious that you cannot achieve a high coverage without logging in. Any experienced tester would be able to recognize this immediately. And even for blackbox scans, most developers would use a login to improve their code coverage.