Why Fuzz Testing Is Indispensable: Jarkko Lamsa

I recently spoke to Gartner on the addition of fuzz testing to their Critical Capabilities for the Application Security Testing Magic Quadrant. In that conversation, one analyst shared that companies that implement fuzz testing programs never rip them out. Why? They’re just too valuable. This is a bold statement, especially ... Read More
FuzzCon 2021 Panel Discussion

The FuzzCon 2021 Real Talks Panel

In August 2021, Dr James Ransome hosted the Fuzzing Real Talks at FuzzCon 2021. Ransome was joined by industry experts Anmol Misra of Autodesk, Larry Maccherone of Contrast Security, Damilare D. Fagbemi of Resilient Software Security, and Jeff Costlow of ExtraHop Networks ... Read More

The Fundamentals of Fuzz Testing

Organizations are increasingly adopting more security practices to ensure the quality and robustness of their applications. One of the challenges that remain unaddressed is finding unknown or zero-day vulnerabilities ... Read More
FuzzCon 2021 Keynote Speaker

Can Application Security Testing Be Fixed?

In August 2021, Brooke S. E. Shoenfield -- Author, Passionate Security Architect, and Curious Questioner of Assumptions -- challenged whether application security can be fixed at FuzzCon 2021. Shoenfield observed and boldly called out that breaches not only continue to roll in, but the cadence continues to increase ... Read More

FuzzCon 2021 Addresses Ease-of-Use in Fuzz Testing

In August 2021, ForAllSecure held its second annual FuzzCon. FuzzCon seeks to bring together technical experts and industry leaders across various sectors to share fuzz testing knowledge. Our ultimate vision for FuzzCon is to be a key source for connecting people with knowledge and fellow enthusiasts. Through education and networking, ... Read More

Why Fuzz Testing Is Indispensable: Billy Rios

One Gartner analyst recently shared that companies that implement fuzz testing programs never rip them out. Why? They’re just too valuable. This is a bold statement ... Read More

The Evolution of Security Testing

A benchmarking study by the NSA Center for Assured Software found that the average SAST tool covers only 8 out of 13 weakness classes and finds only 22 percent of flaws in each weakness class. Based on these numbers, the average SAST tool is likely to find only 14 percent ... Read More

The Move Toward Continuous Testing

DevSecOps is the expansion of DevOps that includes security professionals as well. The idea is for everyone to be looking at the code together, rather than in silos. This will produce the most robust and resilient software with the least amount of time and cost ... Read More

A Guide To Automated Continuous Security Testing

The acceleration of application development has shown no sign of stopping. As a result, we’re seeing increasingly complex, interconnected software. These forces are driving organizations to go beyond merely identifying common security errors or protecting against common attack techniques. Increasingly complex applications are calling for the need to anticipate, detect, ... Read More

How Fuzzing Redefines Application Security

The application security testing market is highly fragmented. From SAST to DAST to SCA to IAST to RASP, what is the best? Our answer? Autonomous testing through fuzz testing and symbolic execution ... Read More