Putting the Principle of Least Privilege to Work for Web Apps
With an ever-increasing proportion of day-to-day work on the desktop occurring in the form of web-based applications, organizations need to rethink how those applications work. They also need to examine – and in some cases tighten up – how web-based apps (or rather, the processes within which they operate) make use of privileges and access …
Continue reading “Putting the Principle of Least Privilege to Work for Web Apps”
Latest Version of CodeSonar Improves on C++ Analysis, MISRA Support; Introduces Subcommands for DevSecOps and More
The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements. This release has several new features …
Top 10 Visual Studio Refactoring Tips
With the version 2019 Visual Studio is now mature when it comes to refactoring. This post proposes a tour of the top 10 most used refactoring actions in my opinion. ) Renaming an Identifier With Ctrl+R,R you can rename any code identifier: a variable, a field, a class… The renaming experience is pretty clean when only one …
The Cyberthief’s New Best Friend: Web Apps
Web apps are now one of the top favorites—if not the absolute favorite—means of attack by cyberthieves, based on the latest Verizon Data Breach Investigations Report, which examined 41,686 security incidents, including 2,013 confirmed data breaches. The data came from 73 sources of data accessed by the carrier, only seven of which were internal to …
Continue reading “The Cyberthief’s New Best Friend: Web Apps”
SAST and SCA: Putting the Puzzle Together
Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes. Any change to existing code, whether it’s a simple refactoring or the addition of a major feature, could create a new risk. Checking the …
Continue reading “SAST and SCA: Putting the Puzzle Together”
Modularity and Agile Architecture
What is Agile Architecture? Architecture is an important aspect of agile software development efforts. It is critical to scaling agile to meet the needs of the business. “Agile architecture is a set of values and practices that support the active evolution of the design of a system, concurrent with the implementation of new business functionality”. The …
A Developer’s Perspective of CI/CD Integrations with SwaggerHub
In my career thus far I’ve been very fortunate to have held positions at various stages along the software development lifecycle and beyond. It’s given me great insight and appreciation for the demands of today’s developers. Whether I’ve been speaking to frustrated developers on a product demo, or in the depths of the code base …
Continue reading “A Developer’s Perspective of CI/CD Integrations with SwaggerHub”
Expanding CodeSonar SAST Capabilities with Java and C#
GrammaTech recently acquired the intellectual property and assets of JuliaSoft S.r.l. to extend its CodeSonar Static Application Security Testing (SAST) platform with automated code analysis for Java and C# code. This an exciting announcement because of how well the Julia static analysis engine fits with CodeSonar and both team’s approach to quality, safety and security. …
Continue reading “Expanding CodeSonar SAST Capabilities with Java and C#”
Technical Debt Management with Feature Flags: Strategy & Best Practices
Technical debt is accumulated as unmanaged flags accrue in an application’s code. And the associated marginal gain (i.e. each unmanaged flag added) directly impacts the amount of time and resources needed for testing. This can lead to more serious issues with the affected development, performance/testing and product processes becoming more expensive. As software teams grow …
Continue reading “Technical Debt Management with Feature Flags: Strategy & Best Practices”
Recommended Application Security Testing (AST) Techniques
There are some very interesting takeaways from Gartner’s recent report “How to Deploy and Perform Application Security Testing” (published March 20, 2020, Gartner subscription required). Primarily, “application security testing (AST) is a critical practice within the software development life cycle (SDLC) and covers multiple techniques, from early development stages through to, and including, production.” Clearly, …
Continue reading “Recommended Application Security Testing (AST) Techniques”
