Collaborate Disseminate
What type of vulnerabilities would be found additional in a source code review vs a pentest?
If my organization performs regular grey box pentests, do we really require to perform source code reviews?
What type of vulnerabilities would be found additional in a source code review vs a pentest?
If my organization performs regular grey box pentests, do we really require to perform source code reviews?
Although third-party software libraries represent a majority of an application’s code, they account for less than seven percent of application vulnerabilities. Typically, applications contain both custom code – the code developed by an organization – and third-party libraries. Contrast Labs analyzed 1,857 software applications, which included several thousand different open source libraries, frameworks, and modules, and found that custom code represents an average of 21 percent of an application’s code, and libraries occupy the remaining … More → Continue reading Custom code accounts for 93% of application vulnerabilities
What strategy/approach/method should I use to ensure that programmers aren’t deliberately including backdoor or accidentally creating security flaws? This is in regards to SharePoint hosted app in Office 365, when deployment … Continue reading Ensuring security for SharePoint hosted app (Office 365)
Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & Innovation (COSRI) analyzed 1,071 applications audited during 2016 and found both high levels of open source usage – 96% of the apps contained open source – and significant risk to open source security vulnerabilities – more than 60% of the apps contained open source security vulnerabilities. Notably, audit results of applications … More → Continue reading Organizations are not effectively dealing with open source security threats
Let’s say that you have built an application. It doesn’t really matter which type of application but the security of the application is a very important feature.
How do you proceed to gain some credibility that your applicat… Continue reading How to gain credibility for your application?
I am looking for alternative OS, and security is a key concern. I am interested in reading reviews which compare or simply deal with the security merits of OS, and which moreover not only consider the aspects
is the code op… Continue reading Do comparative reviews of OS safety exist, which consider the code volume?
I need to perform a security code review on a huge Swift application. I have done many mobile penetration tests before and some code review but never on iOS Swift Apps. I am primarily looking for information and reference mat… Continue reading Security code review Apple Swift – tools and documentation
I need to perform a security code review on a huge Swift application. I have done many mobile penetration tests before and some code review but never on iOS Swift Apps. I am primarily looking for information and reference mat… Continue reading Security code review Apple Swift – tools and documentation
What are some metrics to be used to evaluate a SaaS app’s security?
Some examples:
static code analysis (Fortify)
code coverage (bugs being a potential source of vulnerabilities)
others?
In case it isn’t obvious, the cod… Continue reading What are some metrics to be used to evaluate SaaS security?