Collaborate Disseminate
I am planning to purchase a security tool like fortify, or sonarqube or snyk.
How do you evaluate if the scanner really picks up static vulnerabilities and malware, as well runtime attacks?
Any good docker image sample which contains good … Continue reading How do you test security tools
The development of a fully optimized and secure application or software requires a wide array of testing tools and analyzers to verify the quality of the application and to make sure that it is running as expected. There are several testing methodolog… Continue reading Dynamic Code Analysis: A Primer
We’re a software development team who outsource security testing. We schedule design reviews and penetration testing every 6-12 months. We’ve realised how bad this sounds and have been investigating automated testing, e.g static code analy… Continue reading Automated testing maturity model
We’re in need of a file analysis solution. We need a way to analyze and assess files with unknown contents that in some cases may have confidential information within them. Due to this risk of confidential information, we either need a rep… Continue reading File analysis solution [closed]
I’m new to iOS testing and have been looking for tools that work for iOS 12 on iPhone 6. But couldn’t find any except Passionfruit. I’m looking for static and dynamic analysis tools. Please let me know if you’ve any info.
Continue reading Pentesting tools for iOS 12 on iPhone 6 [closed]
I have the following code in my frontend javascript which basically reads the csrf cookie value and sets that in the ajax calls done via jquery.
var csrftoken = self.getCookie(‘csrftoken’);
xhr.setRequestHeader(“X-CSRFToken”, csrf… Continue reading VeraCode static code scan reports "Improper Neutralization of CRLF Sequences in HTTP Headers" for frontend code
Veracode is reporting a security issue on a piece of code which seems pretty innocuous to me. The code is built with python/Django and the line in question is:
return render(request, ‘core/create-user.html’, context)
Imagine reducing the amount of code and time needed to test software, while at the same time increasing the efficacy of your tests and making your debugging tasks easier—all with minimal human effort. It seems too good to be true, but we’re… Continue reading Everything You Ever Wanted To Know About Test-Case Reduction, But Didn’t Know to Ask
Parsing is hard, even when a file format is well specified. But when the specification is ambiguous, it leads to unintended and strange parser and interpreter behaviors that make file formats susceptible to security vulnerabilities. What if we could au… Continue reading Two New Tools that Tame the Treachery of Files
I know that MobSF is generally well recommended as the OSS solution for code scanning of mobile devices.
To my knowledge though, it only performs dynamic analysis of android applications (and you need genymotion?). Is there… Continue reading Mobile Code Scanning