Are Any of These Top Open Source Vulnerability Testing Tools in Your Program?

Sorting out the differences and similarities among the various open source (OS) security tools is no easy task. In fact, many security practitioners today agree, it can be staggeringly complex. Although automated OS security scanning tools make it easier to find and patch existing vulnerabilities in web applications, thereby reducing the burden on security and development teams, they do require a good deal of management and oversight.

Secure Software Development: How to Check Your Code

In May of 2021, a cybercrime organization called DarkSide successfully locked operators of the Colonial Pipeline, which supplies the east coast with 45% of its petroleum fuel, out of their own software system with a type of malware called "ransomware." True to its name, ransomware returns access to your software (in theory) if you pay a ransom. The result-fuel supplies collapsed across the eastern United States, with gas lines, price spikes, and panic. People began hoarding gasoline in states not even served by the Colonial Pipeline. The US government passed emergency legislation. Even DarkSide seemed shocked at the impact of their cyberattack.

You can't compare SAST tools using only lists, test suites, and benchmarks

There are a lot of challenges one might face when trying to identify the best SAST tool for your team. But how do you measure something that is meant to find unknowns? How do you know if the tool is appropriate for your needs? How do you compare different tools? It’s no wonder that we often get asked, “Does Snyk Code have coverage for the OWASP Top 10?” followed by “How do you suggest we evaluate and compare different SAST tools?”


Shift-Left Testing: What It Is and How It Works

If your development team isn’t yet using shift-left testing, you could be wasting time, money, and energy. Teams that practice shift-left testing are able to identify potential roadblocks early in the process, change scope when needed, and improve design to avoid buggy code. When a bug does occur, it can be identified and dealt with quickly so as not to impact the project later on. Shift-left testing proposes to help agile teams become more agile.

Upload Binaries to Scan with Veracode Static for Eclipse

In this video, you will learn how to prepare a build of your application using Veracode Static for Eclipse and upload the build to a new or existing application profile in your Veracode portfolio. Veracode Static for Eclipse is a plugin for the Eclipse IDE that enables you to upload binaries to Veracode for static analysis. You can work with the scan results from within Eclipse to review and mitigate security findings in your applications.

Harnessing security expertise to power SAST and Code Security

Join us for a live stream with Benji Kalman, Director of Security RnD at Snyk, to talk about his experience in security research and managing the Security team over at Snyk. We'll talk about his role, what are day-to-day activities like, what are the challenges, and then connect it to the deep security expertise that help augment secure coding via Static Application Security Testing (SAST) tools.

AWS IAM security explained

AWS Policies are a key foundation in good cloud security, but they are often overlooked. In this blog, we take a quick look on some AWS Policies, particularly for Identity and Access Management (IAM), that could become problematic if not properly managed. We'll discuss how they can be used against us to generate attacks like: Ransomware, data exfiltration, credential abuse, and more. Finally, we'll suggest some Open Source tools for cloud policy assessment and pentesting.


How to cyber security: Leverage AST solution data to make risk-based decisions

AST solutions provide insights to help organizations make more-informed decisions about their security investments. By now, everybody is familiar with the fundamental value of using application security testing (AST) solutions. You do security testing as part of a secure software development life cycle, you find security bugs, you fix them, and the software you release has a lower risk of being compromised, interrupted, or otherwise abused by attackers.