cybersecurity Archives - Code Curmudgeon

The realm of application security and cybersecurity is littered with promised silver bullets. New technologies come along and promise to solve all your old...

Definitioner

SCA

SCA or software composition analysis means that you analyze what "other" software is included in your application or system. For example do you use a commercially available library, an open source library, or build OSS straight into your application. If so, then you should be scanning these from a security perspective for known vulnerabilities so you can patch and keep them up-to-date to avoid zero-day security issues.

software composition analysis (SCA)

CAN (Controller Area Network)

Controller Area Network aka CAN aka CAN Bus is a wiring standard for vehicles that enables communication between various components and devices without having a host computer. For example doors, brakes, transmission.

SAST

SAST is security testing that is done on source, byte-code, or binaries but without actually executing them - thus the "static" testing. Typically this includes things like software metrics, static code analysis and even peer review. SAST provides a white-box or inside view to the application. It can both find possible vulnerabilities and weaknesses by looking for anti-patterns as well as enforcing secure software engineering standards by looking for proper patterns.

static code analysis (4G)

The 4th generation of cellular wireless standards - it's the successor the 3G. There is a vast difference between how carriers interpret and implement 4G at the current time, ranging from HSPA to WiMax to LTE, each has difference performance characteristics. The standard requires peak data rates from 100 Mbit/s for high mobility to 1Gbit/s for low mobility.

static code analysis (early-adopter)

Someone who likes to have the latest and greatest things. They upgrade because something is newer, bigger, faster, has better numbers, etc. Sometimes they're right, but frequently the benefit of the new numbers is not measurable.

static code analysis (pattern-based analysis)

A form of static analysis where patterns of either good or bad code are stored as rules and compared against a code base without executing the code, to find potential violations.

static analysis

Any form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code review, etc.

static code analysis (static analysis)

Any form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code review, etc.

Tag: cybersecurity

How to know when you need SBOM

CWE Top 25 2019 and On the Cusp

Can a word fix our cybersecurity problems

SCA is the Latest AppSec Silver Bullet