Entries Tagged as 'application security testing tools'
by Neil MacDonald | September 28, 2010 | Comments Off
I work with clients daily on how to change their development (and procurement) processes to produce more secure code. I wrote in this blog that application security cannot be solved with technology alone, yet I still run into organizations trying to solve their application security problems with the purchase of a static or dynamic application [...]
Category: Application Security Tags: Application Security, application security testing tools, Best Practices, Maturity Models, Microsoft
by Neil MacDonald | June 1, 2010 | 4 Comments
Interesting question – eh? There is a great amount of passion on both sides of the argument. Beyond the emotion and hype, what’s the reality? After Microsoft followed Java’s lead and adopted an interpreted byte code model (common language runtime) for .NET, our official position has been that in the hands of a skilled developer, [...]
Category: Application Security Tags: Application Security, application security testing tools, Best Practices, Microsoft Security
by Neil MacDonald | February 3, 2010 | 3 Comments
As the number of mobile smartphones increases, as several platforms begin to dominate and as users begin to download lots of executable code, they will become targets for attack. Rather than repeat the mistakes of the PC world, why can’t we do things better from a security perspective this time around? So far, most mobile [...]
Category: Beyond Anti-Virus Endpoint Protection Platform General Technology Information Security Tags: Application Security, application security testing tools, Endpoint Protection Platform, Whitelisting
by Neil MacDonald | August 25, 2009 | 15 Comments
My previous post on the value of linking web application vulnerability scanning tools with web application firewalls generated a lot of discussion. Take a look through the post and the lengthy comment string. Let me state up front that I firmly believe we should change our development processes (and developer culture) to produce more secure [...]
Category: Application Security Tags: Application Security, application security testing tools
by Neil MacDonald | August 21, 2009 | Comments Off
All static application security testing (SAST) tools work in basically the same way – they generate an intermediate representation (model) of the application that they then analyze for conditions indicative of security vulnerability. For clients, our in-depth research on the SAST tool vendors is in this research note. However, just because a SAST vendor [...]
Category: Application Security Tags: Application Security, application security testing tools
by Neil MacDonald | August 19, 2009 | 27 Comments
If a web application security testing tool tells me I have a vulnerability in an application, what do I do? “Fix it” is the right answer, but not always so easy if my development organization is backlogged or, worse, I don’t have access to the source code. Another answer is to shield the application from [...]
Category: Application Security Next-generation Security Infrastructure Tags: Application Security, application security testing tools, Security No-Brainer
by Neil MacDonald | August 4, 2009 | 3 Comments
As I talked about in this post, I am a proponent of maturity models in general as they help organizations understand that there is a progression of capabilities as organizations become more proficient in a discipline (in this case application security/assurance). Maturity models help people understand that changing people and processes takes time; it's never [...]
Category: Application Security Tags: Application Security, application security testing tools, Best Practices
by Neil MacDonald | July 28, 2009 | Comments Off
Our full analysis of the acquisition will be published for clients shortly along with advice for customers of Ounce Labs and IBM’s Rational software offerings. IBM acquired a leading dynamic application security testing tool with Watchfire in 2007. With the acquisition of Ounce announced today, IBM adds a lesser known (smaller, but still positioned as [...]
Category: Application Security Tags: Application Security, application security testing tools
by Neil MacDonald | July 24, 2009 | 5 Comments
I’ve posted many times on the importance of application security. Recently, my colleague Joseph Feiman and I published a magic quadrant for static application security testing tools – rating the vendors and tools that analyze an application from the “inside out” looking for coding conditions indicative of a security vulnerability. In the research we describe [...]
Category: Application Security Tags: Application Security, application security testing tools
by Neil MacDonald | March 16, 2009 | 5 Comments
Take a look at this graph from the latest IBM ISS X-Force Labs malware report and guess what it shows: We are all familiar with the explosion in malware and variants that fundamentally challenges our signature-based protection model (like endpoint antivirus). It has a growth trajectory much like the one above. Nope, that's not [...]
Category: Application Security Tags: Application Security, application security testing tools