Static Analysis - Tagged - Security Boulevard
GrammaTech Releases CodeSonar 6.0 with Improved Analysis, Visualization, Reporting and Unified Java Analysis

Over the years we have seen our customers “shifting left” to take advantage of building in security versus testing for security later in the lifecycle. As advanced SAST tools such as CodeSonar ...
Multi-language SAST and SCA for Android Platforms and Applications

Android is, for most people, a mobile operating system for their phone or tablet. In fact, it’s an extremely successful open source platform in general. It’s common in automobile infotainment systems, set ...
On Demand Webinar featuring Solid Sands | Safety and Security Critical Software: Start with the End in Mind

Software development is hard work. Developing C or C++ software that has to be safe and secure is even more difficult. How do you ensure that your end-product behaves the way ...
Dynamic Code Analysis: A Primer

The development of a fully optimized and secure application or software requires a wide array of testing tools and analyzers to verify the quality of the application and to make sure that ...
SWAP Detector: Preventing API Errors from Swapped Arguments

Third-party application programming interfaces (APIs), libraries, and frameworks are a fact for modern software developers. They are usually complex, rapidly evolving, and sometimes poorly documented. According to industry estimates, open-source components can ...
Detecting Iterator Invalidation with CodeQL

by Kevin Higgs, Montgomery Blair High School. Iterator invalidation is a common and subtle class of C++ bugs that often leads to exploitable vulnerabilities. During my Trail of Bits internship this summer, ...
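The bug class behind that post, shown as an added example rather than code from the original article or from the Trail of Bits CodeQL query: erasing or appending to a `std::vector` while iterating over it invalidates the iterator you are holding, which is a use-after-free in disguise. The buggy form is kept in a comment because running it is undefined behaviour; the correct forms use the iterator returned by `erase()` and a `reserve()` check before `push_back()`. Function names below are illustrative choices for this example.

```cpp
#include <cstddef>
#include <vector>

// Buggy pattern (deliberately left as a comment, do not run):
// erase() invalidates `it`, so the following ++it reads freed storage.
//
//   for (auto it = v.begin(); it != v.end(); ++it)
//       if (*it % 2 == 0) v.erase(it);   // `it` dangling after this call
//
// Correct pattern: erase() returns the next valid iterator, so assign it
// instead of incrementing a dead one.
std::vector<int> remove_evens(std::vector<int> v) {
    for (auto it = v.begin(); it != v.end(); ) {
        if (*it % 2 == 0)
            it = v.erase(it);   // `it` now refers to the element after the erased one
        else
            ++it;
    }
    return v;
}

// push_back() invalidates every iterator, pointer and reference into the
// vector when it has to reallocate. That happens exactly when size() has
// reached capacity(), so this is the check to make before appending while
// something else still points into the buffer.
bool next_push_reallocates(const std::vector<int>& v) {
    return v.size() == v.capacity();
}

// Appending while iterating is safe only if no reallocation can happen:
// reserve() the final size first and iterate by index rather than iterator.
std::vector<int> append_doubles(std::vector<int> v) {
    const std::size_t n = v.size();
    v.reserve(2 * n);                 // guarantees no reallocation in the loop
    for (std::size_t i = 0; i < n; ++i)
        v.push_back(v[i] * 2);        // v[i] read before the append, by value
    return v;
}

// Demonstrates the invariant the check relies on: after reserve(n), the
// next n appends never trigger a reallocation (capacity stays unchanged).
bool appends_within_capacity_are_safe(std::size_t n) {
    std::vector<int> v;
    v.reserve(n);
    const std::size_t cap = v.capacity();
    for (std::size_t i = 0; i < n; ++i) {
        if (next_push_reallocates(v)) return false;   // would dangle pointers
        v.push_back(static_cast<int>(i));
    }
    return v.capacity() == cap;
}
```

The commented-out loop is the shape a static query looks for: a call that may invalidate (here `erase`, `push_back`, `insert`, `clear`) between the creation and a later use of the same iterator, with no reassignment in between. The fix is never "hope the container does not move"; it is either reassigning the iterator from the mutating call's return value or proving, as `reserve()` does, that the mutation cannot reallocate.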
What the Building In Security Maturity Model (BSIMM) Says About the Role of SAST and SCA

The BSIMM is an annual study of the real-world software security initiatives (“SSIs” in the report) across the software industry, drawing on data and experience from 130 organizations. Rather than ...
Latest Version of CodeSonar Improves on C++ Analysis, MISRA Support; Introduces Subcommands for DevSecOps and More

The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software ...
Security Code Review of a Banking Trojan — Cerberus

Over a year ago, I started hearing about this new Banking Trojan called Cerberus. The author of this malware reportedly used to ridicule security researchers on ...