Research Lab


The Advantages of SAST – WAF Correlation

Overview: The fact that it is easier to hack than protect is no secret. For example, attackers need to find a single point of entry, whereas the defender needs to close all holes. As most of you know, defenders usually work under tight time and budget constraints, while the attacker has no…


Source Vs. Binary Static Code Analysis

Secure software development has become a priority for all organizations whether they build their own software or outsource. And code analysis is becoming the de facto choice to introduce secure development as well as measure inherent software risk. Many assume that code analysis requires code compilation as a prerequisite. Today,…


A successful SAST implementation

A comprehensive white paper covering the various considerations that have to be taken into account when evaluating and selecting a SAST solution. The newly published white paper by Checkmarx Director of Sales & Marketing, Assaf Pilo, covers a common set of questions and deliberations that our customers face when they…


Cross-Site History Manipulation: XSHM

In this White Paper we present a newly discovered SOP [8] (Same Origin Policy) security breach identified as Cross-Site History Manipulation (XSHM). SOP is the most important security concept of modern browsers. SOP means that web pages from different origins by design cannot communicate with each other. Cross-Site History Manipulation…


Decompilation Injection

This paper presents a novel way to protect .NET assemblies against reverse-engineering and decompilation by injecting them with commands that are activated only at the recompilation stage; the application retroactively detects the reverse-engineering process and acts upon it. This technique goes beyond standard obfuscation processes and not only makes it…


How Virtual Compilation Transforms Static Code Analysis

There is evidence that compilation-based code analysis tools negatively impact risk mitigation efforts. As Gartner analyst Neil MacDonald observed: “we’ve talked with a number of clients that purchased a [static analysis] tool which later becomes expensive “shelfware” or where the project was halted after delivering mixed results.” Mr. MacDonald correctly singles…
