Software Integrity

Archive for the 'Static Analysis (SAST)' Category

 

Swift: Close to Greatness in Programming Language Design, Part 2

Ahead of Coverity static analysis support for the Swift programming language, we are examining design decisions in the language from the perspective of defect patterns detectable with static analysis. To kick things off, I recommend reading Part 1 in this series if you have not already. Defect patterns continued: More basics Now we consider additional […]

Continue Reading...

Posted in Application Security, Static Analysis (SAST), Vulnerability Assessment | No Comments »

 

Zeroing in on Zero Days

Earlier this month WikiLeaks announced it had in its possession a cache of zero days allegedly from the Central Intelligence Agency. These unpatched vulnerabilities, it said, could affect Apple and Android devices (including TVs). It is suspected that exploitation of these vulnerabilities could allow the spy agency – or anyone else who knows about them […]

Continue Reading...

Posted in Code Review, Embedded Software Testing, Fuzz Testing, Network Security, Software Security Testing, Static Analysis (SAST) | No Comments »

 

Swift: Close to Greatness in Programming Language Design, Part 1

As we are taking our first steps toward a Coverity static analysis solution for the Swift programming language, I am discovering one of the most challenging languages yet for Coverity. This is simply because many of the easy-to-make, easy-to-find mistakes in other programming languages were designed to be difficult or impossible in Swift. However, some mistakes […]

Continue Reading...

Posted in Application Security, Static Analysis (SAST), Vulnerability Assessment | No Comments »

 

Bug Elimination: Code Scanning, Fuzzing, and Composition Analysis

When it comes to software vulnerabilities, Dr. Jared DeMott knows his stuff. Formerly a vulnerability analyst with the National Security Agency (NSA), Dr. DeMott holds his Phd. from Michigan State University. He has been on three winning DEF CON capture-the-flag (CTF) teams and talks about his vulnerability research at conferences like DerbyCon, BlackHat, ToorCon, GrrCon, […]

Continue Reading...

Posted in Application Security, Code Review, Fuzz Testing, Software Composition Analysis, Software Security Testing, Static Analysis (SAST), Web Application Security | No Comments »

 

Moving Beyond “Moving Left”: The Case for Developer Enablement

Originally posted on SecurityWeek.  For far too long software security has been comprised of a curious bifurcation of roles. Developers develop and IT security testers test for security issues. Fortunately, a confluence of circumstances has forced a recalibration of the developer’s role in software security. In fact, I think we are about to see a new […]

Continue Reading...

Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Program Development, Static Analysis (SAST) | No Comments »

 

5 Questions to Ask Yourself When Deciding on the Best Static Code Analysis Tool

Buying a house is interesting because it forces you to take a look at everything that you may have taken for granted and ignored. Recently, while I was packing my tools in preparation for a move, I realized that I have eight different hammers in my toolbox. Each hammer serves a different purpose and not […]

Continue Reading...

Posted in Open Source Security, Software Security Testing, Software Testing Optimization, Static Analysis (SAST) | Comments Off on 5 Questions to Ask Yourself When Deciding on the Best Static Code Analysis Tool

 

SecureAssist Helps Developers Build Security Into Any Software Development Life Cycle

The Issue The primary goal of a software developer is to get through the edit, compile, debug workflow as efficiently as possible, ensuring that software is working correctly and is delivered on time. As a result, security isn’t a developer’s top priority. While businesses don’t want to release defective or insecure software, many don’t have […]

Continue Reading...

Posted in Software Development Life Cycle (SDLC), Software Security Testing, Static Analysis (SAST) | Comments Off on SecureAssist Helps Developers Build Security Into Any Software Development Life Cycle