Code Dx Application Security Blog

Vulnerability Management: Is 100% code and vulnerability coverage realistic?

In the world of application security testing, the terms “code coverage” and “vulnerability coverage” are frequently used. But what do they really mean? Essentially, code coverage is the amount of the code that is scanned to identify potential vulnerabilities in a software application. Vulnerability coverage refers to the number of defects or system misconfigurations in the software code that could pose potential threats.

read more

Everything you need for PCI compliance scan success

If your company handles payment transactions of any type, then you’re  familiar with the Payment Card Industry Data Security Standard (PCI DSS)—a group of security standards designed to create and maintain a secure environment for any company that accepts, processes, stores, or transmits credit card information. Because we provide tools for application security, we will focus primarily on how this regulation affects companies building applications.  

read more

The perfect union: Vulnerability Assessment and Penetration Testing (VAPT)

One hundred percent—all of the applications Positive Technologies tested—had some kind of vulnerability. You might think, “Yeah, but how many of those were real, critical vulnerabilities?” Well, ninety-four percent of web applications tested contained a high-severity software flaw. Eighty-five percent of those same applications contained at least one confirmed, exploitable vulnerability.

read more

Code reuse: How to reap the benefits and avoid the dangers

Code reuse (or software reuse) is defined exactly as one would expect: reusing code that already exists either within your organization or externally when developing new software.
The existing code may be reused to perform the same or very similar function. There are varying degrees of code reuse, ranging from repurposing a small section of internal code to relying on large third-party libraries and open-source frameworks.

read more

Data, data everywhere: How to effectively manage the deluge of SAST and DAST results

Application security testing is an integral part of the development process. A proper testing methodology utilizes multiple tools (and types of tools) and incorporates application security testing into the design, development, and production phases of the application development lifecycle. But you may find yourself overwhelmed by the inundation of results from all of these testing tools.

read more

Code Dx Enterprise 3.0 Now Offers Static and Dynamic Hybrid Analysis for Application Security Testing

Code Dx, Inc. today announced a significant new capability— Static & Dynamic Hybrid Analysis—to be included in Code Dx Enterprise 3.0. In addition to Hybrid Analysis, Code Dx Enterprise 3.0 supports and integrates with more than 40 commercial and open-source SAST, DAST, and IAST tools and techniques to provide total software application vulnerability correlation and management.

read more

Security issues with web apps: Why we need to worry – and what you can do

Web application attacks are on the rise, with a 69% increase from Q3 2016 to Q3 2017. There has been a large increase in attacks coming from the U.S., with an increase of more than 200% in U.S.-based attacks on web applications in just one year. If you weren’t worried about security issues with your web applications before, you should be now. This article provides more details on why web application security should always be on your mind, and what you need to do to protect yourself, your business, and your users.

read more

© Code Dx, Inc. (631) 759-3993 | Privacy Policy | Contact Us