The Role of SAST in DevSecOps

Thursday, December 03, 2020

Most people involved in the process of creating and deploying software applications today are familiar with DevSecOps, which integrates security and operations into the software development process. In figurative terms, we think of the software development lifecycle as a timeline, starting with the design on the left and the deployment (and post-deployment activities) on the right. …

Modularity Parable and Software

Thursday, November 26, 2020

In his seminal book, The Sciences of the Artificial, Herb Simon describes the parable of watchmakers named Hora and Tempus. They built watches out of 1000 parts. The watches were of the highest quality – as a result, they were often interrupted by customers calling up to place orders. However, they built watches using different techniques. Tempus …

Open-source Tools for Binary Analysis and Rewriting

Thursday, November 19, 2020

Unfortunately, binary-only software is unavoidable: dependencies of active software projects, firmware and applications distributed without source access, or simply old software whose developers are no longer drawing paychecks (or drawing breath). Consequently, binary analysis and rewriting are topics of perennial interest to security and software engineering researchers and practitioners. Binary analysis enables the review of …

When your brain can’t handle the complexity: NDepend and PostSharp

Thursday, November 12, 2020

The size and complexity of codebases have exploded in the last decade. What can you do when your codebase no longer fits your brain? In this article I’ll suggest two completely different tools: NDepend to visualize the code, and PostSharp to reduce its complexity. Since PostSharp is itself a complex codebase, we’ll use NDepend to …

What Makes Firmware Vulnerabilities So Deadly?

Tuesday, November 03, 2020

Simply put, firmware is low-level software usually stored in a near-silicon form (ROM, EEPROM, or flash memory) that is used during the initial steps of bootstrapping and starting up a computer, printer, or some other kind of electronic device. Alternatively, firmware may serve to drive device-level communications with other components in a computer or other …

Lexington Soft Teams With TestYantra to Offer Comprehensive Software Testing Services and Solutions

Tuesday, October 27, 2020

Chennai, Tamil Nadu, India: Lexington Soft, a provider of enterprise software solutions for Software Development, Testing & Quality, has partnered with TestYantra, a global Software Testing Company providing independent software testing services to its clients. The partnership will provide clients seeking to automate software testing with comprehensive solutions through a combination of industry-leading Test Automation & Performance Testing …

Lexington Soft Partners With DefenseCode to Bridge the Gap Between Security and DevOps

Thursday, October 22, 2020

Chennai, Tamil Nadu, India: Lexington Soft Pvt. Ltd., a provider of best-in-class enterprise software products and software development tools, has been appointed to represent DefenseCode across South East Asia. DefenseCode offers two licensed solutions: its flagship product, ThunderScan®, is a SAST (Static Application Security Testing, WhiteBox Testing) solution for performing deep and extensive security analysis of …

Communicating with Customers in the Event of a Breach

Thursday, October 15, 2020

There are three phases of defending against cyber attacks: putting in place sufficient protections and robust authentication mechanisms to try and prevent attacks; appropriately defending against an active attack once it is discovered; and communicating accurately and effectively to customers and shareholders what happened, why it happened, and what it means. Let’s examine a major retailer’s …

DefenseCode announces GitHub Action to provide SAST solution for developers

Thursday, October 08, 2020

DefenseCode Group is proud to announce that DefenseCode’s Static Application Security Testing (SAST) ThunderScan® solution is now available as a GitHub Action, offering security vulnerability analysis across 30+ languages and providing detailed vulnerability reports integrated into GitHub. GitHub is a developer collaboration platform and home to more than 50 million users, 3 million organizations, and over 100 …

From Zero to DevSecOps: How to Implement Security at the Speed of DevOps

Thursday, October 01, 2020

The following is a guest post from Sharon Sharin, product marketing manager at WhiteSource. DevOps has become a popular buzzword in the software development industry. Many organizations have already embraced the DevOps methodology, but what about security? A common concern is that adding security to DevOps practices will severely slow down development processes, but this doesn’t need …