Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Testing

Veracode State of Software Security Vol. 11

Oct 29, 2020 By Veracode In Veracode
Veracode, the largest global provider of application security testing (AST) solutions, announced the State of Software Security (SOSS) Volume 11 revealing 76% of applications contain at least one security flaw and fixing those flaws typically takes months. This year’s analysis of 130,000 applications found that it takes about six months for teams to close half the security flaws they find. Watch as Veracode's Chris Eng and Tim Jarrett break down the key findings from SOSS 11, with specifics on what's within developers' control as they seek to improve the security of their applications.
View Video

The Devil's in the Dependency: Data-Driven Software Composition Analysis

Oct 8, 2020 By Veracode In Veracode
We all know that lurking within even the most popular open source packages are flaws that can leave carefully constructed applications vulnerable. In fact, 71% of all applications contain flawed open source libraries, many (70.7%) coming from downstream dependencies which might escape the notice of developers. Using graph analytics and a broad data science toolkit, we untangle the web of open source dependencies and flaws and show the best way for developers to navigate this seemingly intractable game of whack-a-mole.
View Video

Install Veracode for VS Code to Run Greenlight Scans

Sep 30, 2020 By Veracode In Veracode
In this video, you will learn how to install the Veracode for VS Code extension. The Veracode for VS Code extension is available from the Visual Studio Marketplace. Greenlight finds security defects in your code in seconds so you can fix the findings directly in your IDE. Veracode for VS Code is an extension to Visual Studio Code, which performs a Veracode Greenlight scan at the file level, and supports JavaScript, TypeScript, and C#.
View Video
synopsys

Can SAST tools improve developer productivity?

Sep 30, 2020 By Ashutosh Kumar In Synopsys

Organizations are increasingly agile today, producing and deploying software applications faster than ever before. But this requires all the elements in the software development life cycle (SDLC) to work together cohesively. Security practices in the SDLC become especially important, given that more than half of security flaws result from preventable coding mistakes. Ensuring that developers are on board with security practices is even more critical to improve the process efficiency.

Read Post
mend

Black Box Testing: What You Need to Know

Sep 24, 2020 By Patricia Johnson In Mend

Today’s software development life cycle includes a variety of quality and security testing techniques at every stage. Frequent testing throughout the DevOps pipeline is imperative considering the ever-increasing pace of development. One of the most common testing methods that companies use to ensure the products they are pushing out are secure and high-quality is black box testing.

Read Post
alienvault

Red Team testing explained: what is Red Teaming?

Sep 2, 2020 By Nick Cavalancia In AT&T Cybersecurity

In the world of cybersecurity preparedness, there are a variety of strategies organizations large and small can take to help protect their networks and data from cyber-attacks. One such strategy involves an organization testing its own environment for security vulnerabilities. But because security weaknesses come in different forms, it’s necessary to have a focused security team that comprehensively searches for vulnerabilities that go beyond simple risk assessments.

Read Post

How to Understand the Software Supply Chain

Sep 2, 2020 By Veracode In Veracode
The software supply chain can come with great risk if you’re not set up with the right processes, solutions, and tools, as well as the right checks and balances for third-party vendors. What Will You Learn? The entire development process, from ideation to creation and even the tools you have in place, can stall if there are security issues in your software supply chain. Without the right infrastructure in place, that can mean problems for your CI/CD and, down the road, the applications your customers rely on.
View Video
mend

Application Security Testing: Security Scanning Vs. Runtime Protection

Aug 27, 2020 By Julie Peterson In Mend

The application layer continues to be the most attacked and hardest to defend in the enterprise software stack. With the proliferation of tools aimed at preventing an attack, it’s no wonder the application security testing market is valued at US 4.48 billion. Forrester’s market taxonomy breaks up the application security testing tools market into two main categories: security scanning tools and runtime protection tools.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.