AST

Best SAST Tools: Top 7 Solutions Compared

Mar 17, 2022 By Adam Murray In Mend

Static application security testing (SAST) tools automatically scan the source code of an application. The goal is to identify vulnerabilities before deployment. SAST tools perform white-box testing, which involves analyzing the code based on inside knowledge of the application. SAST offers granularity in detecting vulnerabilities, providing an assessment down to the line of code.

Read Post

Mend

Read more about Best SAST Tools: Top 7 Solutions Compared

How To Address SAST False Positives In Application Security Testing

Mar 10, 2022 By Alfrick Opidi In Mend

Static Application Security Testing (SAST) is an effective and well-established application security testing technology. It allows developers to create high-quality and secure software that is resistant to the kinds of attacks that have grown more prevalent in recent years. However, the challenge with SAST is that it tends to produce a high number of false positives that waste the time of your engineering team. In this blog we take a look at SAST and the problem of false positives.

Read Post

Mend

Read more about How To Address SAST False Positives In Application Security Testing

Code Sight Demo Video - SAST & SCA IDE Plugin | Synopsys

Feb 25, 2022 By Synopsys In Synopsys

The Code Sight IDE plugin uses SAST and SCA security scanning to find issues as developers code. Explore how Synopsys's Code Sight can help triage security defects, identify vulnerable open source dependencies, fix issues faster with automated remediation, and more.

View Video

Synopsys

AST
Security

Read more about Code Sight Demo Video - SAST & SCA IDE Plugin | Synopsys

Writing A Java Security Test in Less Than A Minute

Feb 22, 2022 By Code Intelligence In Code Intelligence

Get a glimpse of how our autofuzz mode can be used to test software in less than a minute. Autofuzz is available in.

View Video

Code Intelligence

Read more about Writing A Java Security Test in Less Than A Minute

SAST vs. SCA: 7 Key Differences

Feb 16, 2022 By Ayala Goldstein In Mend

Everybody’s talking about securing the DevOps pipeline and shifting security left.. AppSec tools like SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and others that address issues in proprietary software have become staples of the developer’s security toolbox.

Read Post

Mend

Read more about SAST vs. SCA: 7 Key Differences

Case study: Python RCE vulnerability in Celery

Feb 15, 2022 By Calum Hutton In Snyk

I conducted research based upon existing Python vulnerabilities and identified a common software pattern between them. By utilizing the power of our in-house static analysis engine, which also drives Snyk Code, our static application security testing (SAST) product, I was able to create custom rules and search across a large dataset of open source code, to identify other projects using the same pattern. This led to the discovery of a stored command injection vulnerability in Celery.

Read Post

Snyk

Read more about Case study: Python RCE vulnerability in Celery

WhiteSource SAST: The Next Generation of Application Security

Feb 15, 2022 By Rami Sass In Mend

Today, we announced our entrance into the Static Application Security Testing (SAST) market. It’s a significant development for WhiteSource, which has until now been solely focused on open source software security. In this post, I explain why we decided to make this move beyond open source into proprietary code security, and the value it will bring to developers, security teams, and their organizations.

Read Post

Mend

Read more about WhiteSource SAST: The Next Generation of Application Security

SAST and SCA: Better together with Snyk

Feb 10, 2022 By Daniel Berman In Snyk

As applications become more complex, so does the task of securing them. While the source code making up applications consists of proprietary code, a great deal of it is also third-party, open source code. Development and security teams looking to release secure code while also maintaining a rapid pace of development, need to therefore combine static application security testing (SAST) and software composition analysis (SCA) as part of a comprehensive software security strategy.

Read Post

Snyk

Read more about SAST and SCA: Better together with Snyk

How to Automate Your REST API Testing in 5 Easy Steps

Feb 10, 2022 By Code Intelligence In Code Intelligence

In this coding session, Daniel Teuchert, will demonstrate how to automate your REST API Testing in 5 easy steps. All tools and code examples used in this tutorial are 100% open-source. Content.

View Video

Code Intelligence

Read more about How to Automate Your REST API Testing in 5 Easy Steps

Enhancing PCI compliance security with SAST and SCA

Feb 8, 2022 By DeveloperSteve In Snyk

The Payment Card Industry Data Security Standard, also known as PCI DSS is a thorough process that reviews a company’s systems and policies for handling and storage of sensitive consumer cardholder data.

Read Post