Static Application Security Testing (SAST) is an effective and well-established application security testing technology. It allows developers to create high-quality and secure software that is resistant to the kinds of attacks that have grown more prevalent in recent years. However, the challenge with SAST is that it tends to produce a high number of false positives that waste the time of your engineering team. In this blog we take a look at SAST and the problem of false positives.

We are proud to announce that we have recently achieved AWS Security Competency Partner status. This status exemplifies our technical expertise and dedication to helping customers secure their software at every stage of cloud adoption.

What can’t you buy on the internet? Last-minute birthday gifts. Check. A new refrigerator. Check. An engagement ring. Check. Groceries. Check. Travel to foreign lands. Check. Internet-driven consumerism is a critical component of our economy. But it has its dark side filled with demons.

This week we’ve added new Kotlin & Swift Courses to the Security Labs catalog! The update includes 4-5 Kotlin (Android) labs and 4 Swift (iOS) labs that cover common mobile security topics such as secret storage, authorization, and custom URL handling.

The statistics support Microsoft CEO Satya Nadella’s claim that “every company is a software company.” The average enterprise was already deploying 464 custom applications back in 2017, and that number has likely been growing for the past five years with apps designed to meet unique business needs and support daily tasks and processes as they increasingly move online.

The statistics support Microsoft CEO Satya Nadella’s claim that “every company is a software company.” The average enterprise was already deploying 464 custom applications back in 2017, and that number has likely been growing for the past five years with apps designed to meet unique business needs and support daily tasks and processes as they increasingly move online.

A SQL injection flaw allows for an attacker to modify or inject SQL syntax into the request to make the application behave in a manner that was not initially intended. In other words, an attacker can change a database query to: Now with almost all web applications having integrations with databases in some way, this flaw has the potential to arise often. However, many frameworks and libraries are available to make database connections and queries safe.