HCL AppScan Source (previously IBM AppScan Source) is a static application security testing (SAST) system for organizations. It can be used for secure code review alone or in conjunction with the Enterprise AppScan Security Testing Suite to provide comprehensive end-to-end application security testing. It provides value for all software security stakeholders, including security analysts, QA

Today’s post let’s talk about Future of Application security testing (AST). As background information for those who are new to the topic, application security testing (AST) is a domain with a variety of approaches. For those focus on static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), mobile application

Israeli Company WhiteSource Purchases Europe Croatian DefenseCode, the news has spread since the middle of February, 2022. In regards to this news, E-SPIN Group calls upon our existing end customers and channel partners who are affected by the WhiteSource acquisition to keep calm and let E-SPIN provides the migration path for the affected legacy product ThunderScan

Trends disrupting the Application Security Testing Market, a couple years will see dynamic changes once it reaches the market acceptance for certain technology, and depend on the existing market player and new player entering into the market that create new waves of change, in particular the disruptive technologies that obsolete conventional or legacy practises. Since

Enterprise customers got the Static Application Security Testing (SAST) and Secure Source Code Requirements, how to systematic mapping for the functionality requirements into operation requirements, and avoid vendor lockin and upsell features you may not need. This document is prepared based on the above objective and if it meets what you need, please read on.

DefenseCode ThunderScan Static Application Security Testing (SAST) is solution for performing comprehensive security inquiry of application source code. ThunderScan is accessible to use, requires almost no user input and can be expand during or after development. It is an efficient alternative to the demanding and time-consuming procedure of manual code reviews. ThunderScan performs fast and

In celebration of E-SPIN 16th Anniversary, we are pleased to organize a 2 Hours Workshop Shifting left with SAST, use DefenseCode ThunderScan onboard SAST into SDLC workshop for our customer and business partners who we do business with over the years. Special thanks to DefenseCode, one of our E-SPIN active supplier vendors for years,  who

It’s time for the E-SPIN 16th anniversary celebration to begin. As per our earlier celebration opening statements, it is time for E-SPIN to giveaways for the customers in this period of time. For all the customers and business partners, please participate in this fully sponsored by E-SPIN and DefenseCode event, you are welcome to share

What is an application security testing? Application security testing is a part of crucial software development process that makes new or updated software applications do not contain security vulnerabilities as well as being more resistance to security threats. Organisations have begun to adopt DevOps practice as a way to speed up the process to deliver

Why DAST and SAST is best combined for the AST approach, the reason is simple, it covers the matter in two key result areas (KRA) most people want to cover and demonstrate vulnerability management and for various regulatory compliance. As most industries and sectors remain, have the practice for outsource and appoint 3rd parties to

Umbraco is an open-source content management system (CMS) platform for publishing content on the World Wide Web and intranets. It is written in C# and deployed on Microsoft based infrastructure.  It as one of the leading .NET-based open source CMS systems. Technology wise, Umbraco is primarily written in C#, stores data in a relational database (commonly Microsoft SQL Server) and works on Microsoft IIS. Umbraco’s front-end is built upon Microsoft’s .NET

We keep hear people talk static application security testing (SAST), dynamic application security testing (DAST) as two dominance application security testing, and off course not so mainstream of interactive application security testing (IAST), software composition analysis (SCA) and mobile application security testing (mobile AST). Some keep proposing SAST is the ultimate, because it handles the

Post event video summary, spread into three video Part 1 focus on app security testing market change and challenges, cloud migration and standard, specific controls requirements Part 2 focus on the Thunderscan SAST product update. Part 3 focus on the Webstrike DAST product update. For existing and new customers and partners, it is our pleasure

Shift left security is nothing new, we have extensively covered it two years and more back. We even have the established range of the world class, best of breed solution for the enterprise customer hassle free implementation to achieve modern DevSecOps. The topic today more on shift left security accelerated. All the enterprises in the

This is routine hour long technical overview, highly essential and recommends for existing customers who are intent to consider static analysis / secure code review or static application security testing (SAST) to Veracode Static Analysis, to know how it is workings and covers all the latest build release feature, as well as cover frequently asks

This is a routine hour long technical overview, highly essential and recommended for customers,  who are considering to running Static Application Security Testing (SAST) with ThunderScan Desktop & Enterprise . The best way to ensure that your applications are free from critical vulnerabilities is to perform a comprehensive audit of application source code using ThunderScan.

The Federal Bureau of Investigation (FBI) issued a flash alert warning of hackers stealing data from government agencies and enterprise organizations via internet-exposed and insecure SonarQube instances. From the published data, it seems it has happened since April 2020. The FBI did a good job at least detecting and being able to issue warning. You

What is angular typescript is a very common ask question. Angular is a platform and framework for creating single-page client applications using HTML and TypeScript. Angular is written and built in TypeScript. It implements core and optional functionality as a set of TypeScript libraries that you import into your apps. The architecture of an Angular

How to choose a right static application security testing tool for your own use case is something a lot of new users will encounter and easily misled by the various marketing influences by the vendor who produce static application security testing (SAST) tools. The more experience you are, the less likely you are influenced by

Application Security Testing AST is a modern term we used to describe various tools based on various technologies used for performing application security testing (AST). Since the product technology keeps advancing, more and more related technology is either consolidated, retired, replaced and being positioned as matured, declined or treated as new emerging technology. The market