
Create a Web Application Security Blueprint
The best way to make web applications secure is to include security at every step along the development process, from requirements analysis, to design, to implementation and testing, and into maintenance and update phases. To that end, it’s wise to consider a kind of “security blueprint” as part and parcel of how you work through …
Continue reading “Create a Web Application Security Blueprint”

The Role of SAST in DevSecOps
Most people involved in the process of creating and deploying software applications today are familiar with DevSecOps, which integrates security and operations into the software development process. In figurative terms, we think of the software development lifecycle as a timeline, starting with the design on the left and the deployment (and post-deployment activities) on the right. …

DefenseCode announces GitHub Action to provide SAST solution for developers
DefenseCode Group is proud to announce that DefenseCode’s Static Application Security Testing (SAST) ThunderScan® solution is now available as a GitHub Action, offering security vulnerability analysis across 30+ languages providing detailed vulnerability reports integrated into GitHub. GitHub is a developer collaboration platform and home to more than 50 million users, 3 million organizations, and over 100 …
Continue reading “DefenseCode announces GitHub Action to provide SAST solution for developers”

Latest Version of CodeSonar Improves on C++ Analysis, MISRA Support; Introduces Subcommands for DevSecOps and More
The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements. This release has several new features …

The Cyberthief’s New Best Friend: Web Apps
Web apps are now one of the top favorites—if not the absolute favorite—means of attack by cyberthieves, based on the latest Verizon Data Breach Investigations Report, which examined 41,686 security incidents, including 2,013 confirmed data breaches. The data came from 73 sources of data accessed by the carrier, only seven of which were internal to …
Continue reading “The Cyberthief’s New Best Friend: Web Apps”

SAST and SCA: Putting the Puzzle Together
Developing correct and secure software isn’t easy. A typical application includes a large amount of original and third-party code, and it all has to work together without opening up security holes. Any change to existing code, whether it’s a simple refactoring or the addition of a major feature, could create a new risk. Checking the …
Continue reading “SAST and SCA: Putting the Puzzle Together”

Expanding CodeSonar SAST Capabilities with Java and C#
GrammaTech recently acquired the intellectual property and assets of JuliaSoft S.r.l. to extend its CodeSonar Static Application Security Testing (SAST) platform with automated code analysis for Java and C# code. This an exciting announcement because of how well the Julia static analysis engine fits with CodeSonar and both team’s approach to quality, safety and security. …
Continue reading “Expanding CodeSonar SAST Capabilities with Java and C#”

Recommended Application Security Testing (AST) Techniques
There are some very interesting takeaways from Gartner’s recent report “How to Deploy and Perform Application Security Testing” (published March 20, 2020, Gartner subscription required). Primarily, “application security testing (AST) is a critical practice within the software development life cycle (SDLC) and covers multiple techniques, from early development stages through to, and including, production.” Clearly, …
Continue reading “Recommended Application Security Testing (AST) Techniques”

Latest Version of CodeSonar Improves on Functional Safety, MISRA Support, C++ Parsing and Visualization
The latest version of GrammaTech CodeSonar, Version 5.3, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements. This release of CodeSonar includes improvements …

Cybersecurity: How Safe are Voice Assistants?
This new age in Artificial Intelligence is fascinating- and terrifying too. From ubiquitous digital assistants like Siri and Alexa to usage on factory floors, the impact of AI is by all means dizzying. Your cell phone mostly features a voice assistant. At best, Apple’s Siri- for instance- may seem like a “naïve” helper that can check weather …
Continue reading “Cybersecurity: How Safe are Voice Assistants?”