The Role of SAST in DevSecOps
Most people involved in the process of creating and deploying software applications today are familiar with DevSecOps, which integrates security and operations into the software development process. In figurative terms, we think of the software development lifecycle as a timeline, starting with the design on the left and the deployment (and post-deployment activities) on the right. …
Modularity Parable and Software
In his seminal book, The Sciences of the Artificial, Herb Simon describes the parable of watchmakers named Hora and Tempus. They built watches out of 1000 parts. The watches were of the highest quality – as a result, they were often interrupted by customers calling up to place orders. However, they built watches using different techniques. Tempus …
Open-source Tools for Binary Analysis and Rewriting
Unfortunately binary-only software is unavoidable; dependencies of active software projects, firmware and applications distributed without source access, or simply old software whose developers are no longer drawing pay checks (or drawing breath). Consequently binary analysis and rewriting are topics of perennial interest to security and software engineering researchers and practitioners. Binary analysis enables the review of …
Continue reading “Open-source Tools for Binary Analysis and Rewriting”
When your brain can’t handle the complexity: NDepend and PostSharp
The size and complexity of codebases have exploded in the last decade. What can you do when your codebase no longer fits your brain? In this article I’ll suggest two completely different tools: NDepend to visualize the code, and PostSharp to reduce its complexity. Since PostSharp is itself a complex codebase, we’ll use NDepend to …
Continue reading “When your brain can’t handle the complexity: NDepend and PostSharp”
What Makes Firmware Vulnerabilities So Deadly?
Simply put, firmware is low-level software usually stored in a near-silicon form (ROM, EEPROM, or flash memory) that is used during the initial steps of bootstrapping and starting up a computer, printer, or some other kind of electronic device. Alternatively, firmware may serve to drive device-level communications with other components in a computer or other …
Continue reading “What Makes Firmware Vulnerabilities So Deadly?”
Lexington Soft Teams With TestYantra to Offer Comprehensive Software Testing Services and Solutions
Chennai, Tamil Nadu, India: Lexington Soft, a provider of enterprise software solutions for Software Development, Testing & Quality has partnered with TestYantra, a global Software Testing Company providing independent software testing services to its clients. The partnership will enable the clients seeking to automate software testing, with comprehensive solutions through a combination of industry leading Test Automation & Performance Testing …
Lexington Soft Partners With DefenseCode to Bridge the Gap Between Security and DevOps
Chennai, Tamil Nadu, India: Lexington Soft Pvt. Ltd., has been appointed as a best-in-class enterprise software products and software development tools, to represent DefenseCode across South East Asia. DefenseCode offers two licensed solutions: Its flagship product, ThunderScan® is a SAST (Static Application Security Testing, WhiteBox Testing) solution for performing deep and extensive security analysis of …
Communicating with Customers in the Event of a Breach
There are three phases of defending against cyber attacks: putting in place sufficient protections and robust authentication mechanisms to try and prevent attacks; appropriately defending against an active attack once it is discovered, and communicating accurately and effectively to customers and shareholders: What happened Why it happened What it means Let’s examine a major retailer’s …
Continue reading “Communicating with Customers in the Event of a Breach”
DefenseCode announces GitHub Action to provide SAST solution for developers
DefenseCode Group is proud to announce that DefenseCode’s Static Application Security Testing (SAST) ThunderScan® solution is now available as a GitHub Action, offering security vulnerability analysis across 30+ languages providing detailed vulnerability reports integrated into GitHub. GitHub is a developer collaboration platform and home to more than 50 million users, 3 million organizations, and over 100 …
Continue reading “DefenseCode announces GitHub Action to provide SAST solution for developers”
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
The following is a guest post from Sharon Sharin, product marketing manager at WhiteSource.DeDe DevOps has become a popular buzzword in the software development industry. Many organizations have already embraced the DevOps methodology, but what about security? A common concern is that adding security to DevOps practices will severely slow down development processes, but this doesn’t need …
Continue reading “From Zero to DevSecOps: How to Implement Security at the Speed of DevOps”
