Testing

Are Any of These Top Open Source Vulnerability Testing Tools in Your Program?

Jul 6, 2021 By ZeroNorth In ZeroNorth

Sorting out the differences and similarities among the various open source (OS) security tools is no easy task. In fact, many security practitioners today agree, it can be staggeringly complex. Although automated OS security scanning tools make it easier to find and patch existing vulnerabilities in web applications, thereby reducing the burden on security and development teams, they do require a good deal of management and oversight.

ZeroNorth

Read more about Are Any of These Top Open Source Vulnerability Testing Tools in Your Program?

Secure Software Development: How to Check Your Code

Jun 28, 2021 By SecuritySenses In SecuritySenses

In May of 2021, a cybercrime organization called DarkSide successfully locked operators of the Colonial Pipeline, which supplies the east coast with 45% of its petroleum fuel, out of their own software system with a type of malware called "ransomware." True to its name, ransomware returns access to your software (in theory) if you pay a ransom. The result-fuel supplies collapsed across the eastern United States, with gas lines, price spikes, and panic. People began hoarding gasoline in states not even served by the Colonial Pipeline. The US government passed emergency legislation. Even DarkSide seemed shocked at the impact of their cyberattack.

SecuritySenses

Read more about Secure Software Development: How to Check Your Code

You can't compare SAST tools using only lists, test suites, and benchmarks

Jun 16, 2021 By Asaf Biton, Shani Gal In Snyk

There are a lot of challenges one might face when trying to identify the best SAST tool for your team. But how do you measure something that is meant to find unknowns? How do you know if the tool is appropriate for your needs? How do you compare different tools? It’s no wonder that we often get asked, “Does Snyk Code have coverage for the OWASP Top 10?” followed by “How do you suggest we evaluate and compare different SAST tools?”

Snyk

Read more about You can't compare SAST tools using only lists, test suites, and benchmarks

Shift-Left Testing: What It Is and How It Works

May 28, 2021 By Emily Heaslip In Nightfall

If your development team isn’t yet using shift-left testing, you could be wasting time, money, and energy. Teams that practice shift-left testing are able to identify potential roadblocks early in the process, change scope when needed, and improve design to avoid buggy code. When a bug does occur, it can be identified and dealt with quickly so as not to impact the project later on. Shift-left testing proposes to help agile teams become more agile.

Nightfall

Read more about Shift-Left Testing: What It Is and How It Works

Upload Binaries to Scan with Veracode Static for Eclipse

May 25, 2021 By Veracode In Veracode

In this video, you will learn how to prepare a build of your application using Veracode Static for Eclipse and upload the build to a new or existing application profile in your Veracode portfolio. Veracode Static for Eclipse is a plugin for the Eclipse IDE that enables you to upload binaries to Veracode for static analysis. You can work with the scan results from within Eclipse to review and mitigate security findings in your applications.

Veracode

Read more about Upload Binaries to Scan with Veracode Static for Eclipse

Harnessing security expertise to power SAST and Code Security

May 25, 2021 By Snyk In Snyk

Join us for a live stream with Benji Kalman, Director of Security RnD at Snyk, to talk about his experience in security research and managing the Security team over at Snyk. We'll talk about his role, what are day-to-day activities like, what are the challenges, and then connect it to the deep security expertise that help augment secure coding via Static Application Security Testing (SAST) tools.

Snyk

Read more about Harnessing security expertise to power SAST and Code Security

AWS IAM security explained

May 24, 2021 By Fernando Martinez In AT&T Cybersecurity

AWS Policies are a key foundation in good cloud security, but they are often overlooked. In this blog, we take a quick look on some AWS Policies, particularly for Identity and Access Management (IAM), that could become problematic if not properly managed. We'll discuss how they can be used against us to generate attacks like: Ransomware, data exfiltration, credential abuse, and more. Finally, we'll suggest some Open Source tools for cloud policy assessment and pentesting.

AT&T Cybersecurity

Read more about AWS IAM security explained

How to cyber security: Leverage AST solution data to make risk-based decisions

May 20, 2021 By Jonathan Knudsen In Synopsys

AST solutions provide insights to help organizations make more-informed decisions about their security investments. By now, everybody is familiar with the fundamental value of using application security testing (AST) solutions. You do security testing as part of a secure software development life cycle, you find security bugs, you fix them, and the software you release has a lower risk of being compromised, interrupted, or otherwise abused by attackers.

Synopsys

Read more about How to cyber security: Leverage AST solution data to make risk-based decisions

Part One: Using Veracode From the Command Line in Cloud 9 IDE

May 7, 2021 By Veracode In Veracode

In this four-part series, we showcase how to submit Static Policy, Static Sandbox, Static Pipeline, SCA, and Dynamic from the command line using Docker Images and an Amazon Web Services Cloud9 IDE.

Veracode

Read more about Part One: Using Veracode From the Command Line in Cloud 9 IDE

Part Two: Using Veracode From the Command Line in Cloud 9 IDE

May 7, 2021 By Veracode In Veracode

In this four-part series, we showcase how to submit Static Policy, Static Sandbox, Static Pipeline, SCA, and Dynamic from the command line using Docker Images and an Amazon Web Services Cloud9 IDE.