appsec Archives - Code Curmudgeon

How to know when you need SBOM

Posted on February 19, 2021 by Code Curmudgeon

whiteboard sign held by man mostly obscured by it. On the sign is a simple flowchart that tells you you should use SBOM

Just for grins – people say I probably talk about Software Bill of Materials or SBOM too much. It’s definitely something I think will...

CWE Top 25 2019 and On the Cusp

Posted on November 21, 2019 by Code Curmudgeon

The CWE Top 25 has been updated for 2019. It’s the first change to this important list of cybersecurity issues since 2011. They also...

SCA is the Latest AppSec Silver Bullet

Posted on August 15, 2019 by Code Curmudgeon

Silver bullet business stamp isolated on a white background.

The realm of application security and cybersecurity is littered with promised silver bullets. New technologies come along and promise to solve all your old...

Is Testing the Best Way to Secure Your Application

Posted on July 19, 2019 by Code Curmudgeon

short chain of red dominoes falling against the palm of a hand

If I had to guess, I’d say that a lot more people spend a lot more time trying to test security into software than...

1 2 3 … 5 Next ›

Definitioner

CAN (Controller Area Network): Controller Area Network aka CAN aka CAN Bus is a wiring standard for vehicles that enables communication between various components and devices without having a host computer. For example doors, brakes, transmission.
SAST: SAST is security testing that is done on source, byte-code, or binaries but without actually executing them - thus the "static" testing. Typically this includes things like software metrics, static code analysis and even peer review. SAST provides a white-box or inside view to the application. It can both find possible vulnerabilities and weaknesses by looking for anti-patterns as well as enforcing secure software engineering standards by looking for proper patterns.
static code analysis (4G): The 4th generation of cellular wireless standards - it's the successor the 3G. There is a vast difference between how carriers interpret and implement 4G at the current time, ranging from HSPA to WiMax to LTE, each has difference performance characteristics. The standard requires peak data rates from 100 Mbit/s for high mobility to 1Gbit/s for low mobility.
static code analysis (early-adopter): Someone who likes to have the latest and greatest things. They upgrade because something is newer, bigger, faster, has better numbers, etc. Sometimes they're right, but frequently the benefit of the new numbers is not measurable.
static code analysis (pattern-based analysis): A form of static analysis where patterns of either good or bad code are stored as rules and compared against a code base without executing the code, to find potential violations.
static analysis: Any form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code review, etc.
static code analysis (static analysis): Any form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code review, etc.