
All posts tagged: fortify
The AppScan Security Appliance - How The Mainframe Can Transform Application Security
** Re-posting this entry from the Message Board **
IBM Security Systems Has All The Artillery To Dominate the Security Battlefield
It just needs to be deployed properly.

Some factors that may explain the current [extremely low] state of application security maturity: development organizations continue to lack the necessary security training and processes to translate 'security requirements' into a secure design with appropriate unit tests. The intense pace of development of new technologies and the migration of... [More]
Tags: static_analysis development findings_viewer security_appliance fuzzing appscan_source applicance fxcop ounce correlation github appscan_for_analysis java sp1r0 o2 veracode fortify appscan_appliance o2platform checkmarx fluentsharp
Hijacking Windows Handles - Fun for the Whole Family
As promised in the overview of this blog, I am going to begin demonstrating / releasing some utilities that push the limits of what is normally considered possible in a Windows environment.

This should be considered both an effort to educate the general public about the pace at which security is changing (where exactly is the sandbox now??) and also to shed some light on the power of the O2 Platform, since it seems to me that right now may be one of the rare times in the 'application security arms race' where The Developers Have A... [More]
Tags: fortify sink github handles spring encoding o2platform mvc taint_propagators wafl struts hijacking static_analysis checkmarx kernel handle_hijacking source windows jn14net validation taint callbacks java frameworks
AppScan Source Trace Stitching
Difficult to present Findings with Disconnected Data-Flows

Any time I've found myself faced with scanning a real-world web application and presenting the AppScan Source Edition Findings, I always arrive at the point at which I have triaged, analyzed, filtered and otherwise massaged the raw results into the 'data-flow pieces' which, in totality, represent the true vulnerabilities that I've found. The most difficult part of this exercise is then to construct [for the results consumer] a realistic picture of what an actual round trip of... [More]
Tags: fortify struts findings_viewer o2platform sp1r0 frameworks java static_analysis ounce appscan fuzzing findings jn14net github appscan_for_analysis checkmarx spring fxcop o2 mvc development kernel results appscan_source fluentsharp
AppScan Source Edition Findings Viewer Utility
An Easy Way To View AppScan Source Findings from Multiple .ozasmt Files

For many years now, I have been dealing with the tens of thousands of Findings that are generated from an average-size web application scanned with AppScan Source Edition. Although there have been numerous improvements to the user interface and the Findings representation to accommodate the huge amount of data that is necessarily generated, I find that my approach to static analysis (I want Millions of Findings, i.e. ALL Possible Traces) demands that multiple... [More]
Tags: struts fuzzing spring results ounce development sp1r0 static_analysis fortify findings github appscan_source mvc java kernel fluentsharp fxcop findings_viewer frameworks appscan jn14net o2platform checkmarx o2 appscan_for_analysis