Code Dx Application Security Blog
In the world of application security testing, the terms “code coverage” and “vulnerability coverage” are frequently used. But what do they really mean? Essentially, code coverage is the amount of the code that is scanned to identify potential vulnerabilities in a software application. Vulnerability coverage refers to the number of defects or system misconfigurations in the software code that could pose potential threats.read more
At RSA 2019, Deb Radcliff talked with Anita D'Amico, CEO of Code Dx, an application testing company that is one of the DHS-funded startups at RSA. "DHS S&T wants people to adopt good cybersecurity practices, so they're trying to get innovative cybersecurity...read more
Code Dx CEO Dr. Anita D'Amico, PhD, was featured in an article and interviewed by Cybercrime Magazine. You can read the article by Steven T. Kroll at CyberSecurity Ventures. You can watch the the interview with Dr. D'Amico below.read more
An article by Ken Prole, CTO of Code Dx, was published in the Security Today magazine’s April 2019 edition.read more
If your company handles payment transactions of any type, then you’re familiar with the Payment Card Industry Data Security Standard (PCI DSS)—a group of security standards designed to create and maintain a secure environment for any company that accepts, processes, stores, or transmits credit card information. Because we provide tools for application security, we will focus primarily on how this regulation affects companies building applications.read more
Manually reviewing findings from code quality and security testing tools is plenty of work on its own, without dealing with unnecessary duplicates. As code moves around with edits, many static analysis tools report findings associated with that code as new, even...read more
One hundred percent—all of the applications Positive Technologies tested—had some kind of vulnerability. You might think, “Yeah, but how many of those were real, critical vulnerabilities?” Well, ninety-four percent of web applications tested contained a high-severity software flaw. Eighty-five percent of those same applications contained at least one confirmed, exploitable vulnerability.read more
A recent Newsday article by Ken Schachter titled “Progress slow in adding women in the boardrooms” includes Code Dx CEO, Dr. Anita D’Amico.read more
Web application attacks are on the rise. A recent study found that they were the primary cause of reported breaches in 2017 and Q1 2018. This marked increase is partly due to the greater variety in web application vulnerabilities, as new attack vectors are found and exploited.read more
Code Dx, Inc., today announced that Code Dx Enterprise has won the CyberSecurity Breakthrough Award for the Vulnerability Management Solutions of the Year. CyberSecurity Breakthrough Award recognizes excellence in information security and cybersecurity technology companies, products and people.read more
Code reuse (or software reuse) is defined exactly as one would expect: reusing code that already exists either within your organization or externally when developing new software.
The existing code may be reused to perform the same or very similar function. There are varying degrees of code reuse, ranging from repurposing a small section of internal code to relying on large third-party libraries and open-source frameworks.
Continuous Integration (CI) and Continuous Delivery (CD), or CI/CD, are part of the Agile approach to software development. The most prominent aspect of Agile development—and it’s most important rule—is that it requires software development to be responsive to change through an iterative process.read more
Dr. Anita D’Amico and Chris Horn gave a well-received presentation at AppSec USA about: Human factors that influence secure software development. Their presentation was quoted as: “…one of the best talks I’ve seen in the last several years.”read more
The 2018 Global Security Report from Trustwave found that all web applications are vulnerable to attack. Yes, you read that right. All applications had at least one vulnerability, and the average number of vulnerabilities found per application was eleven.read more
DevOps and DevSecOps are terms that application development and security teams have become very familiar with in the past few years, especially as internet-connected users demand constant updates and improvements to applications.read more
Everywhere you look, people are on their smartphones. These devices have become a permanent fixture in our lives. We spend more time on our smartphones than we do on our desktops, making mobile devices a bigger target for cyber attacks. To make matters worse, the vast...read more
Some predict that cybercrimes will cost $6 trillion in damages per year by 2021. In response, governments around the world have decided to fight back against cyberattacks and counter threats with a host of new cybersecurity regulations for financial services.read more
Gartner expects global enterprise security spending to increase 8% from 2017, reaching a total of $96.3 billion in 2018. Increased awareness of security threats (thanks to more high-profile breaches at companies such as Equifax) and regulatory compliance are two of...read more
The Info Security Products Guide recently asked a number of industry leaders to offer their thoughts and predictions on the direction of cyber security in 2018. Our CEO Dr. Anita D’Amico was included in this esteemed group.read more
Application security testing is an integral part of the development process. A proper testing methodology utilizes multiple tools (and types of tools) and incorporates application security testing into the design, development, and production phases of the application development lifecycle. But you may find yourself overwhelmed by the inundation of results from all of these testing tools.read more
Code Dx has won Best Next Generation Vulnerability Management Solution at the 2018 Annual Cyber Defense Magazine InfoSec Awards! The winners were announced online and in print during the kickoff of RSA 2018 in San Francisco, April 16th.read more
Code Dx Enterprise 3.0 Now Offers Static and Dynamic Hybrid Analysis for Application Security Testing
Code Dx, Inc. today announced a significant new capability— Static & Dynamic Hybrid Analysis—to be included in Code Dx Enterprise 3.0. In addition to Hybrid Analysis, Code Dx Enterprise 3.0 supports and integrates with more than 40 commercial and open-source SAST, DAST, and IAST tools and techniques to provide total software application vulnerability correlation and management.read more
Information security breaches continue to make headlines. 2017 and early 2018 saw several major organizations such as Equifax and even the IRS fall prey to hackers who exploited security vulnerabilities.
Attacks come fast, starting within one day of Common Vulnerabilities and Exposures (CVEs) being released. Sometimes, zero days. How do you protect yourself?
The cost and time required for comprehensive application security testing often deters businesses from implementing a proper strategy for testing and remediation of vulnerabilities. Of course, that’s asking for trouble. Fortunately, the process can be streamlined, enabling you to conduct application security testing in a more efficient and timely manner.read more
Web application attacks are on the rise, with a 69% increase from Q3 2016 to Q3 2017. There has been a large increase in attacks coming from the U.S., with an increase of more than 200% in U.S.-based attacks on web applications in just one year. If you weren’t worried about security issues with your web applications before, you should be now. This article provides more details on why web application security should always be on your mind, and what you need to do to protect yourself, your business, and your users.read more