Detecting vulnerable code in software dependencies is more complex than it seems

In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within software dependencies. Plate also discusses the limitations of traditional sof…

MobSF: Open-source security research platform for mobile apps

The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and p…

RiskInDroid: Open-source risk analysis of Android apps

RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. How RiskInDroid works: “A user should be able to quickly assess an application’s level o…

What does optimal software security analysis look like?

In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. He explains how these tools can complement human knowledge to enhance software security analysis a…

3-2-1, Lift off! It’s Time to Elevate Your Development with Sonatype Lift

Deep code analysis designed for developers and focused on code quality is here.
When you have an awesome new product aimed at helping developers catch and fix code quality issues during code review, it’s hard not to get excited. Then, combine that…

Get Your SQL Statements Right the First Time With SQL Lint

What’s your average success rate of getting a SQL statement right on the first try? In the best case, you botched a simple statement without side effects and just have to try again with correct syntax or remove that typo from a table name, but things can easily go wrong fast…

Facebook open-sources a static analyzer for Python code

Need a tool to check your Python-based applications for security issues? Facebook has open-sourced Pysa (Python Static Analyzer), a tool that looks at how data flows through the code and helps developers prevent data flowing into places it shouldn’t. H…

Automate manual security, risk, and compliance processes in software development

The future of business relies on being digital – but all software deployed needs to be secure and protect privacy. Yet, responsible cybersecurity gets in the way of what any company really wants to do: innovate fast, stay ahead of the competition, and …

Microsoft Application Inspector: Check open source components for unwanted features

Want to know what’s in an open source software component before you use it? Microsoft Application Inspector will tell you what it does and spots potentially unwanted features – or backdoors. About Microsoft Application Inspector: “At M…