communicating with customers about a security breach

Communicating with Customers in the Event of a Breach

Thursday, October 15, 2020

There are three phases of defending against cyber attacks: putting in place sufficient protections and robust authentication mechanisms to try and prevent attacks; appropriately defending against an active attack once it is discovered; and communicating accurately and effectively to customers and shareholders: what happened, why it happened, and what it means. Let’s examine a major retailer’s …

DefenseCode GitHub integration

DefenseCode announces GitHub Action to provide SAST solution for developers

Thursday, October 08, 2020

DefenseCode Group is proud to announce that DefenseCode’s Static Application Security Testing (SAST) ThunderScan® solution is now available as a GitHub Action, offering security vulnerability analysis across 30+ languages providing detailed vulnerability reports integrated into GitHub. GitHub is a developer collaboration platform and home to more than 50 million users, 3 million organizations, and over 100 …

software security - DevSecOps

From Zero to DevSecOps: How to Implement Security at the Speed of DevOps

Thursday, October 01, 2020

The following is a guest post from Sharon Sharin, product marketing manager at WhiteSource. DevOps has become a popular buzzword in the software development industry. Many organizations have already embraced the DevOps methodology, but what about security? A common concern is that adding security to DevOps practices will severely slow down development processes, but this doesn’t need …

principle of least privilege

Putting the Principle of Least Privilege to Work for Web Apps

Thursday, September 24, 2020

With an ever-increasing proportion of day-to-day work on the desktop occurring in the form of web-based applications, organizations need to rethink how those applications work. They also need to examine – and in some cases tighten up – how web-based apps (or rather, the processes within which they operate) make use of privileges and access …

Codesonar update

Latest Version of CodeSonar Improves on C++ Analysis, MISRA Support; Introduces Subcommands for DevSecOps and More

Thursday, September 17, 2020

The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements. …

Visual Studio tips

Top 10 Visual Studio Refactoring Tips

Wednesday, September 09, 2020

With version 2019, Visual Studio is now mature when it comes to refactoring. This post proposes a tour of what are, in my opinion, the top 10 most used refactoring actions. 1) Renaming an Identifier: With Ctrl+R,R you can rename any code identifier: a variable, a field, a class… The renaming experience is pretty clean when only one …

web app security

The Cyberthief’s New Best Friend: Web Apps

Thursday, September 03, 2020

Web apps are now one of the top favorites—if not the absolute favorite—means of attack by cyberthieves, based on the latest Verizon Data Breach Investigations Report, which examined 41,686 security incidents, including 2,013 confirmed data breaches. The data came from 73 sources of data accessed by the carrier, only seven of which were internal to …

SAST and SCA

SAST and SCA: Putting the Puzzle Together

Thursday, August 27, 2020

Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes. Any change to existing code, whether it’s a simple refactoring or the addition of a major feature, could create a new risk. Checking the …

modular architecture

Modularity and Agile Architecture

Thursday, August 20, 2020

What is Agile Architecture? Architecture is an important aspect of agile software development efforts. It is critical to scaling agile to meet the needs of the business. “Agile architecture is a set of values and practices that support the active evolution of the design of a system, concurrent with the implementation of new business functionality”. The …

Swaggerhub developer perspective

A Developer’s Perspective of CI/CD Integrations with SwaggerHub

Thursday, August 13, 2020

In my career thus far I’ve been very fortunate to have held positions at various stages along the software development lifecycle and beyond. It’s given me great insight and appreciation for the demands of today’s developers. Whether I’ve been speaking to frustrated developers on a product demo, or in the depths of the code base …