Multi-language SAST and SCA for Android Platforms and Applications

Android is, for most people, a mobile operating system for their phone or tablet. In fact, it’s an extremely successful open source platform in general. It’s common in automobile infotainment systems, set top boxes and even finds its way into indu…

GrammaTech Congratulates Long Time Customer, Jet Propulsion Laboratory, on their Successful Landing of Perseverance Rover

The post GrammaTech Congratulates Long Time Customer, Jet Propulsion Laboratory, on their Successful Landing of Perseverance Rover appeared first on Security Boulevard.

On Demand Webinar featuring Solid Sands | Safety and Security Critical Software: Start with the End in Mind

 
Software development is hard work. Developing C or C++ software that has to be safe and secure is even more difficult. How do you ensure that your end-product behaves the way that you intend it to? As a first step, automated testing is really …

Dynamic Code Analysis: A Primer

The development of a fully optimized and secure application or software requires a wide array of testing tools and analyzers to verify the quality of the application and to make sure that it is running as expected. There are several testing methodolog…

What tools/checklists can help determine the presence of malicious code in a database? MS SQL specifically

Consider a scenario where your AV / EDR software has to exclude paths of database files, as suggested by vendors, to avoid performance or stability issues.
You want to review your database for integrity with the aim to make sure t…

SWAP Detector: Preventing API Errors from Swapped Arguments

Third-party application programming interfaces (APIs), libraries, and frameworks are a fact for modern software developers. They are usually complex, rapidly evolving, and sometimes poorly documented. According to industry estimates, open-source c…

What the Building In Security Maturity Model (BSIMM) Says About the Role of SAST and SCA

The BSIMM is an annual study of the real-world software security initiatives – “SSIs” in the report – across the software industry drawing from data and experience from 130 organizations. Rather than repeat the aim of the study, this quote sums it…