Why dependencies matter for SAST

How do static analyzers manage code dependencies? There are many ways, but the best static analyzers take a hybrid approach to dependency analysis. SAST solutions are popular with both development and security teams. But they’re used in such different ways that historically it has been difficult to meet the ...
Remediating XSS: Does a single fix work?

A very common type of injection defect is cross-site scripting (also known as XSS or HTML injection). Many developers struggle with remediation of XSS because of a misunderstanding of the difference between validation, sanitization, and normalization/canonicalization. Lately, even some security vendors have started suggesting “fixing” injection defects close to the ...