
Create a Web Application Security Blueprint
The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into maintenance and update phases. To that end, it’s wise to consider a kind of “security blueprint” as part and parcel of how you work through …

Lexington Soft Partners With DefenseCode to Bridge the Gap Between Security and DevOps
Chennai, Tamil Nadu, India: Lexington Soft Pvt. Ltd., a best-in-class provider of enterprise software products and software development tools, has been appointed to represent DefenseCode across South East Asia. DefenseCode offers two licensed solutions. Its flagship product, ThunderScan®, is a SAST (Static Application Security Testing, WhiteBox Testing) solution for performing deep and extensive security analysis of …

DefenseCode announces GitHub Action to provide SAST solution for developers
DefenseCode Group is proud to announce that DefenseCode’s Static Application Security Testing (SAST) ThunderScan® solution is now available as a GitHub Action, offering security vulnerability analysis across 30+ languages and providing detailed vulnerability reports integrated into GitHub. GitHub is a developer collaboration platform and home to more than 50 million users, 3 million organizations, and over 100 …

The Cyberthief’s New Best Friend: Web Apps
Web apps are now one of the top favorites—if not the absolute favorite—means of attack by cyberthieves, based on the latest Verizon Data Breach Investigations Report, which examined 41,686 security incidents, including 2,013 confirmed data breaches. The data came from 73 sources of data accessed by the carrier, only seven of which were internal to …

SAST and SCA: Putting the Puzzle Together
Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes. Any change to existing code, whether it’s a simple refactoring or the addition of a major feature, could create a new risk. Checking the …

Expanding CodeSonar SAST Capabilities with Java and C#
GrammaTech recently acquired the intellectual property and assets of JuliaSoft S.r.l. to extend its CodeSonar Static Application Security Testing (SAST) platform with automated code analysis for Java and C# code. This is an exciting announcement because of how well the Julia static analysis engine fits with CodeSonar and both teams’ approach to quality, safety and security. …

Recommended Application Security Testing (AST) Techniques
There are some very interesting takeaways from Gartner’s recent report “How to Deploy and Perform Application Security Testing” (published March 20, 2020, Gartner subscription required). Primarily, “application security testing (AST) is a critical practice within the software development life cycle (SDLC) and covers multiple techniques, from early development stages through to, and including, production.” Clearly, …

Latest Version of CodeSonar Improves on Functional Safety, MISRA Support, C++ Parsing and Visualization
The latest version of GrammaTech CodeSonar, Version 5.3, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates and other improvements. This release of CodeSonar includes improvements …

Kiuwan Release Announcement – May 12, 2020
We are pleased to announce that on May 12, 2020 we rolled out a new Kiuwan release! We have made some changes in the way Kiuwan handles delivery analyses, we have added some REST API enhancements, and rolled out all of the latest changes to Kiuwan On-Premises. Read more details about this Kiuwan release below. …

Is Cross-Site Scripting Still a Thing?
Though cross-site scripting — often abbreviated XSS — has been around since the start of this century, it remains a pressing security concern on today’s web. First introduced by Microsoft engineers in January 2000, XSS seeks to bamboozle protections and permissions granted to one URL through its access by introducing scripts, programs and other active content …