AST

WhiteHat Dynamic Application Security Testing (DAST) | Synopsys

Jan 27, 2023 By Synopsys In Synopsys

WhiteHat Dynamic detects vulnerabilities in running web apps before they can be exploited, it's 100% production safe, continuously adaptive, delivers actionable results with near-zero false positives, cloud-based, and adapts to app updates to help organizations detect and respond to vulnerabilities.

View Video

Synopsys

Read more about WhiteHat Dynamic Application Security Testing (DAST) | Synopsys

How to Test a Java Application

Jan 24, 2023 By Josh Grant In Code Intelligence

Creating effective test cases and the right testing strategy for Java applications can be a time-consuming and complex task. This is where specialized testing solutions come in. With the right setup, developers can catch bugs early in the development process, before they become more difficult and expensive to fix. Additionally, testing methods can help identify and mitigate security vulnerabilities, which is critical for protecting sensitive data and maintaining the integrity of the application.

Read Post

Code Intelligence

Read more about How to Test a Java Application

Explaining how fuzz testing works without using any code

Jan 24, 2023 By Code Intelligence In Code Intelligence

Learn more about fuzz testing: https://www.code-intelligence.com/what-is-fuzz-testing

View Video

Code Intelligence

Read more about Explaining how fuzz testing works without using any code

Explaining fuzz testing without using any code

Jan 24, 2023 By Code Intelligence In Code Intelligence

View Video

Code Intelligence

Read more about Explaining fuzz testing without using any code

Why do we need a new approach to SAST?

Jan 18, 2023 By Sharon Kochevsky In Mend

Many companies provide legacy static application security testing (SAST) tools or engines, but their usefulness has not kept pace with the needs of an application-driven world. In order to succeed, businesses need a modern approach to SAST that will greatly improve it’s value in the software development lifecycle. In this blog, I look at the problems with traditional SAST tools, why there needs to be a change of approach in the SAST market, and what the future holds for SAST.

Read Post

Mend

Read more about Why do we need a new approach to SAST?

7 Challenges of Embedded Software Security Testing in 2023

Jan 11, 2023 By Josh Grant In Code Intelligence

We live in a world that depends on embedded software. It’s in the cars we drive, the elevators we take and the airplanes we travel in. As these systems become more and more complex, it becomes increasingly challenging to ensure that the interaction between embedded software and hardware remains functional and secure. Due to the nature of embedded systems and the devastating consequences of failures, many traditional testing methods fall short of providing adequate security for them.

Read Post

Code Intelligence

Read more about 7 Challenges of Embedded Software Security Testing in 2023

How Code Coverage Helped Me Find 3 SQL Injections

Jan 10, 2023 By Code Intelligence In Code Intelligence

For web applications with a login, it is kind of obvious that you cannot achieve a high coverage without logging in. Any experienced tester would be able to recognize this immediately. And even for blackbox scans, most developers would use a login to improve their code coverage.

View Video

Code Intelligence

Read more about How Code Coverage Helped Me Find 3 SQL Injections

An 8-Step Application Security Risk Assessment Checklist for 2023

Dec 23, 2022 By Josh Grant In Code Intelligence

As organizations are increasingly prioritizing application security continues to become a top priority for organizations, application security risk assessments is atop many bucket lists. Every application is unique and carries threats factors. It's critical to implement processes and tools to identify and remediate security issues before shipping.

Read Post

Code Intelligence

Read more about An 8-Step Application Security Risk Assessment Checklist for 2023

My New Year's Resolution As A Java Dev | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence

Join me on a journey to improve Java development skills and learn about a new software testing approach called fuzz testing. In this series, I'll share my experiences using fuzz testing tools like CI Fuzz, OWASP Zap, OSS-Fuzz, and Jazzer to hunt for bugs and vulnerabilities in Java software. I'll also delve into the world of CVE hunting and best practices for uncovering common web vulnerabilities like Denial of Service and Remote Code Execution. Subscribe to stay updated on new episodes and get access to helpful links, tools, and blog posts. Let's improve our Java skills together!

View Video

Code Intelligence

Read more about My New Year's Resolution As A Java Dev | Code Intelligence

Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

Dec 22, 2022 By Code Intelligence In Code Intelligence

In this video, I discuss the challenges of managing dependencies and libraries in Java software development projects and the importance of running unit tests. However, I also dig deeper into the limitations of unit tests and the importance of supplementing them with other forms of testing. In the second part of the video, I introduce fuzz testing as a complementary approach to unit testing and give an example of how I was able to replicate a Remote Code Execution CVE in HyperSQL within just a few minutes, using an open-source fuzz testing tool, called CI Fuzz CLI.

View Video