DefenseCode GitHub integration

DefenseCode announces GitHub Action to provide SAST solution for developers

Thursday, October 08, 2020

DefenseCode Group is proud to announce that DefenseCode’s Static Application Security Testing (SAST) ThunderScan® solution is now available as a GitHub Action, offering security vulnerability analysis across 30+ languages providing detailed vulnerability reports integrated into GitHub. GitHub is a developer collaboration platform and home to more than 50 million users, 3 million organizations, and over 100 …

Codesonar update

Latest Version of CodeSonar Improves on C++ Analysis, MISRA Support; Introduces Subcommands for DevSecOps and More

Thursday, September 17, 2020

The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements. This release has several new features …

web app security

The Cyberthief’s New Best Friend: Web Apps

Thursday, September 03, 2020

Web apps are now one of the top favorites—if not the absolute favorite—means of attack by cyberthieves, based on the latest Verizon Data Breach Investigations Report, which examined 41,686 security incidents, including 2,013 confirmed data breaches. The data came from 73 sources of data accessed by the carrier, only seven of which were internal to …

SAST and SCA

SAST and SCA: Putting the Puzzle Together

Thursday, August 27, 2020

Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes. Any change to existing code, whether it’s a simple refactoring or the addition of a major feature, could create a new risk. Checking the …

CodeSonar for Java and C#. Julia tools.

Expanding CodeSonar SAST Capabilities with Java and C#

Wednesday, August 05, 2020

GrammaTech recently acquired the intellectual property and assets of JuliaSoft S.r.l. to extend its CodeSonar Static Application Security Testing (SAST) platform with automated code analysis for Java and C# code. This an exciting announcement because of how well the Julia static analysis engine fits with CodeSonar and both team’s approach to quality, safety and security. …

Application Security Testing Techniques

Recommended Application Security Testing (AST) Techniques

Thursday, July 23, 2020

There are some very interesting takeaways from Gartner’s recent report “How to Deploy and Perform Application Security Testing” (published March 20, 2020, Gartner subscription required). Primarily, “application security testing (AST) is a critical practice within the software development life cycle (SDLC) and covers multiple techniques, from early development stages through to, and including, production.” Clearly, …

codesonar 5.3 features

Latest Version of CodeSonar Improves on Functional Safety, MISRA Support, C++ Parsing and Visualization

Thursday, June 25, 2020

The latest version of GrammaTech CodeSonar, Version 5.3, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements. This release of CodeSonar includes improvements …

Kiuwan cybersecurity tool

Cybersecurity: How Safe are Voice Assistants?

Thursday, June 04, 2020

This new age in Artificial Intelligence is fascinating- and terrifying too. From ubiquitous digital assistants like Siri and Alexa to usage on factory floors, the impact of AI is by all means dizzying. Your cell phone mostly features a voice assistant. At best, Apple’s Siri- for instance- may seem like a “naïve” helper that can check weather …

New Release!

Kiuwan Release Announcement – May 12, 2020

Thursday, May 21, 2020

We are pleased to announce that on May 12, 2020 we rolled out a new Kiuwan release! We have made some changes in the way Kiuwan handles delivery analyses, we have added some REST API enhancements, and rolled out all of the latest changes to Kiuwan On-Premises. Read more details about this Kiuwan release below. …

Cross Site Scripting

Is Cross-Site Scripting Still a Thing?

Monday, April 27, 2020

Though cross-site scripting — often abbreviated XSS — has been around since the start of this century, it remains a pressing security concern on today’s web. First introduced by Microsoft engineers in January 2000, XSS seeks to bamboozle protections and permissions granted to one URL through its access by introducing scripts, programs and other active content …