Jan 23, 2025/6 min read

Security automation and integration can smooth AppSec friction

By Steven Zimmerman

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps

Jan 06, 2025/6 min read

Overcome AST noise to find and fix software vulnerabilities

By Steven Zimmerman

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps

Dec 02, 2024/7 min read

Artificial intelligence widens the gap between security and development

By Steven Zimmerman

Tags: Artificial Intelligence, Build Security into DevOps, DevSecOps

Oct 10, 2024/6 min read

Faster, better, stronger application security for developers in the IDE

By Steven Zimmerman

Tags: SCA, Build Security into DevOps, SAST

Jul 16, 2024/4 min read

Why penetration testing needs to be part of your IoT security

By Debrup Ghosh

Tags: Build Security into DevOps, Pen Testing

Apr 29, 2024/3 min read

Accelerate application code fixes with AI-powered Polaris Assist

By Corey Hamilton

Tags: Artificial Intelligence, Security News & Trends, Build Security into DevOps

Apr 17, 2024/3 min read

Understanding Python pickling and how to use it securely

By Ashutosh Agrawal

Tags: Build Security into DevOps, Training

Mar 31, 2024/8 min read

How to detect, prevent, and mitigate buffer overflow attacks

By Natalie Lightner

Tags: Build Security into DevOps, SAST

Mar 27, 2024/4 min read

4 approaches to vulnerability remediation

By Natalie Lightner

Tags: SCA, Build Security into DevOps, Training, Manage Security Risks

Mar 24, 2024/5 min read

Top 4 software development methodologies

By Mike McGuire

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps

Mar 19, 2024/3 min read

Introducing fAST Dynamic: Streamlining dynamic application security testing

By Vishrut Iyengar

Tags: DAST, Security News & Trends, Build Security into DevOps

Mar 18, 2024/8 min read

Six Python security best practices for developers

By Boris Cipot

Tags: Build Security into DevOps, AppSec Best Practices, Training

Mar 18, 2024/3 min read

SAST vs. DAST: What’s the best method for application security testing?

By Apoorva Phadke

Tags: DAST, Build Security into DevOps, SAST, Web AppSec

Mar 03, 2024/4 min read

The integrated DevSecOps playbook: Steps for successful DevSecOps

By Steven Zimmerman

Tags: Build Security into DevOps, DevSecOps

Feb 21, 2024/1 min read

The cybersecurity landscape - A discussion of future state and AI with Dr. Lisa Bradley

By Sammy Migues

Tags: Artificial Intelligence, Build Security into DevOps, DevSecOps

Feb 21, 2024/3 min read

Navigating complexity in AppSec

By Charlotte Freeman

Tags: Artificial Intelligence, Build Security into DevOps

Feb 13, 2024/2 min read

DevSecOps best practices

By Steven Zimmerman

Tags: Build Security into DevOps, DevSecOps

Feb 07, 2024/3 min read

Container security essentials

By Charlotte Freeman

Tags: Build Security into DevOps, Cloud Security, Container Security

Feb 07, 2024/2 min read

AppSec Decoded: How to implement security in DevOps

By Steven Zimmerman

Tags: Build Security into DevOps, DevSecOps

Nov 27, 2023/4 min read

Consolidate security tools and vendors to enhance risk management

By Shandra Gemmiti

Tags: Build Security into DevOps, Manage Security Risks

Nov 21, 2023/5 min read

Audited vs. automated: What your automated open source tool isn't seeing

By Susan Miller, Rich Kosinski, Don Mulrenan

Tags: SCA, M&A, Build Security into DevOps, OSS License Compliance

Nov 14, 2023/4 min read

Why cross-site scripting still matters

By Charlotte Freeman

Tags: Program Strategy & Planning, Build Security into DevOps, AppSec Best Practices, Web AppSec, Manage Security Risks

Oct 30, 2023/6 min read

Secure cloud-native apps and APIs at the speed your business demands

By Kimm Yeo

Tags: Build Security into DevOps, IAST, Cloud Security, Manage Security Risks

Sep 19, 2023/4 min read

Automate security: DevOps integrations for risk detection and remediation

By Charlotte Freeman

Tags: Build Security into DevOps, DevSecOps

Sep 18, 2023/5 min read

National Coding Week: Closing the skills gap with secure code training

By Taylor Armerding

Tags: Build Security into DevOps, Training, DevSecOps

Sep 07, 2023/5 min read

How to safeguard your AI ecosystem: The imperative of AI/ML security assessments

By John Waller

Tags: Artificial Intelligence, Build Security into DevOps, DevSecOps

Aug 31, 2023/5 min read

Gartner's Guide to AppSec Testing Tools

By Patrick Carey

Tags: Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Manage Security Risks

Aug 24, 2023/7 min read

How to make the future IoT more secure

By Taylor Armerding

Tags: Build Security into DevOps, Pen Testing, Training, Internet of Things

Jun 27, 2023/8 min read

Creating a well-rounded Microsoft 365 security program

By John Waller

Tags: Build Security into DevOps, Cloud Security

May 24, 2023/1 min read

AppSec Decoded: Easy to scale with Polaris

By Black Duck Editorial Staff

Tags: Build Security into DevOps, DevSecOps

May 22, 2023/3 min read

Black Duck named a Leader in the 2023 Gartner® Magic Quadrant™ for Application Security Testing for the seventh year

By Jason Schmitt

Tags: Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Manage Security Risks

May 17, 2023/4 min read

Detection strategies to unmask the source of malicious code

By Natalie Lightner

Tags: Build Security into DevOps

Apr 12, 2023/5 min read

Improving cloud security posture with infrastructure-as-code

By Monika Chakraborty

Tags: Build Security into DevOps, IAST, Cloud Security

Apr 11, 2023/5 min read

What pen testing can tell you about the health of your SDLC

By Charlotte Freeman

Tags: Build Security into DevOps, Pen Testing

Mar 22, 2023/5 min read

Production-safe DAST: Your secret weapon against threat actors

By Vishrut Iyengar

Tags: DAST, Build Security into DevOps

Mar 19, 2023/6 min read

Automate your DevSecOps to take the pressure off triage

By Steven Zimmerman

Tags: Build Security into DevOps, DevSecOps

Mar 15, 2023/7 min read

AppSec Decoded: Continuous AppSec testing in DevSecOps with Seeker IAST

By Black Duck Editorial Staff

Tags: Build Security into DevOps, IAST, DevSecOps

Feb 13, 2023/1 min read

OWASP Top 10: Cryptographic failures

By Cybersecurity Research Center

Tags: Build Security into DevOps, CyRC, Web AppSec

Jan 19, 2023/1 min read

OWASP Top 10: Broken access control

By Cybersecurity Research Center

Tags: Build Security into DevOps, CyRC

Jan 16, 2023/8 min read

Finding hard-coded secrets before you suffer a breach

By Ksenia Peguero

Tags: SCA, Build Security into DevOps, IAST, SAST

Jan 04, 2023/8 min read

How to choose React Native libraries for secure mobile application development

By Vineeta Sangaraju

Tags: Build Security into DevOps, Mobile, SAST

Jan 01, 2023/1 min read

Cybersecurity Research Center Developer Series: The OWASP Top 10

By Cybersecurity Research Center

Tags: Build Security into DevOps, CyRC, Training

Dec 14, 2022/4 min read

Automating web security testing within your DevOps pipelines

By Charlotte Freeman

Tags: Build Security into DevOps, IAST, DevSecOps

Dec 06, 2022/5 min read

What is the cost of poor software quality in the U.S.?

By Mike McGuire

Tags: SCA, Security News & Trends, Build Security into DevOps

Nov 08, 2022/11 min read

JavaScript security best practices for securing your applications

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Training

Nov 08, 2022/5 min read

Scalable SAST and SCA in a single solution with Polaris fAST services

By Patrick Carey

Tags: SCA, Build Security into DevOps, SAST, DevSecOps, Manage Security Risks

Nov 04, 2022/3 min read

Defensics adds gRPC support for distributed web and mobile application security testing

By Black Duck Editorial Staff

Tags: Fuzzing, Build Security into DevOps, Mobile, Web AppSec

Oct 31, 2022/4 min read

Synopsys introduces GitHub Actions integration for developers

By Steven Zimmerman

Tags: Build Security into DevOps, DevSecOps

Oct 16, 2022/2 min read

Real-time OWASP vulnerabilities as you code with Code Sight and Rapid Scan Static

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Oct 03, 2022/4 min read

IDE-based application security for developers in IntelliJ

By Steven Zimmerman

Tags: SCA, Build Security into DevOps, SAST, DevSecOps

Aug 26, 2022/4 min read

What I wish I knew about security when I started programming

By Allon Mureinik

Tags: Build Security into DevOps, Training

Aug 23, 2022/7 min read

API authentication and authorization best practices

By Charlotte Freeman

Tags: Build Security into DevOps, Secure the Software Supply Chain, AppSec Best Practices, Manage Security Risks

Jul 29, 2022/2 min read

Introducing IaC Security from Black Duck

By Natalie Lightner

Tags: SCA, Build Security into DevOps

Jul 18, 2022/1 min read

AppSec Decoded: Application security orchestration and correlation

By Black Duck Editorial Staff

Tags: Build Security into DevOps, DevSecOps, Manage Security Risks, Orchestration & Correlation

Jul 05, 2022/5 min read

OWASP API Security Top 10: Security risks that should be on your radar

By Charlotte Freeman

Tags: Build Security into DevOps, Manage Security Risks

Jun 26, 2022/6 min read

Celebrating one year of Rapid Scan Static

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST, Web AppSec, Manage Security Risks

Jun 09, 2022/1 min read

AppSec Decoded: Security at the speed of DevOps

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Manage Security Risks, Orchestration & Correlation

May 23, 2022/8 min read

CyRC Case Study: Securing BIND 9

By Jonathan Knudsen

Tags: Fuzzing, Build Security into DevOps, CyRC, SAST

May 17, 2022/2 min read

Building security into existing source code management workflows

By James Rabon

Tags: Build Security into DevOps, DevSecOps, Orchestration & Correlation

May 12, 2022/3 min read

Two-factor authentication misconfiguration bypass

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, Internet of Things

Feb 09, 2022/4 min read

Code Sight Standard Edition: Application security optimized for the needs of developers

By Raj Kesarapalli

Tags: SCA, Security News & Trends, Build Security into DevOps, SAST, DevSecOps

Feb 09, 2022/4 min read

How to cybersecurity: Gravity is a harsh mistress

By Jonathan Knudsen

Tags: Build Security into DevOps, DevSecOps, Manage Security Risks

Jan 31, 2022/1 min read

AppSec Decoded: Building security into DevSecOps

By Black Duck Editorial Staff

Tags: Build Security into DevOps, DevSecOps

Jan 18, 2022/6 min read

Five cryptography best practices for developers

By Charlotte Freeman

Tags: Build Security into DevOps, AppSec Best Practices, Training

Dec 08, 2021/5 min read

Safety Detectives interview with Tim Mackey

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Manage Security Risks

Nov 01, 2021/4 min read

Top seven logging and monitoring best practices

By Ashutosh Rana

Tags: Build Security into DevOps, AppSec Best Practices, Training

Oct 16, 2021/7 min read

Top 10 Spring Security best practices for Java developers

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Web AppSec

Sep 14, 2021/1 min read

A new approach to AppSec

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Manage Security Risks, Orchestration & Correlation

Aug 19, 2021/6 min read

Reflections on trusting plugins: Backdooring Jenkins builds

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Aug 08, 2021/5 min read

Keep infrastructure as code secure with Black Duck

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Aug 03, 2021/5 min read

How to run your CodeXM checker

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training, SAST

Jul 28, 2021/1 min read

AppSec Decoded: New executive order changes dynamic of software security standards

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Compliance, Manage Security Risks, Public Sector

Jul 27, 2021/2 min read

Build developer trust with faster, accurate AppSec testing from Rapid Scan

By Scott Johnson

Tags: SCA, Agile, CI/CD, Build Security into DevOps, SAST

Jul 21, 2021/2 min read

Shift even further left with blazing-fast Rapid Scan SAST

By Anna Chiang

Tags: Build Security into DevOps, SAST

Jul 19, 2021/4 min read

Practical solutions for a secure automotive software development process following ISO/SAE 21434

By Dr. Dennis Kengo Oka

Tags: Build Security into DevOps, Compliance, Automotive

Jul 08, 2021/3 min read

Getting started with writing checkers using CodeXM

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Jun 29, 2021/2 min read

Optimizing software composition analysis for developer workflows with Black Duck Rapid Scan

By Mike McGuire

Tags: SCA, Build Security into DevOps

Jun 28, 2021/3 min read

How to cyber security: Embedding security into every phase of the SDLC

By Jonathan Knudsen

Tags: Agile, CI/CD, Build Security into DevOps

Jun 10, 2021/6 min read

How to achieve MISRA and AUTOSAR coding compliance

By Dr. Dennis Kengo Oka

Tags: Build Security into DevOps, Compliance, Automotive

Jun 05, 2021/3 min read

Web application security testing at scale with Coverity SAST

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST, Web AppSec, Manage Security Risks

May 06, 2021/8 min read

Top 10 DevSecOps best practices for building secure software

By Sneha Kokil

Tags: Agile, CI/CD, Build Security into DevOps, AppSec Best Practices, DevSecOps

Apr 23, 2021/4 min read

How to cyber security: 5G is not magic

By Jonathan Knudsen

Tags: Build Security into DevOps, Internet of Things

Apr 09, 2021/3 min read

Penetration testing: A yearly physical for your applications

By Debrup Ghosh

Tags: Build Security into DevOps, Pen Testing, Web AppSec

Apr 08, 2021/12 min read

Integrating fuzzing into DevSecOps

By Black Duck Editorial Staff

Tags: Fuzzing, Build Security into DevOps, DevSecOps

Mar 17, 2021/11 min read

WLAN under fuzzing with Defensics

By Tuomo Untinen, Kari Hulkko

Tags: Fuzzing, Build Security into DevOps

Mar 14, 2021/4 min read

Why should DevOps teams choose IAST?

By Black Duck Editorial Staff

Tags: Build Security into DevOps, IAST

Feb 23, 2021/5 min read

How to cyber security: Containerizing fuzzing targets

By Jonathan Knudsen

Tags: Fuzzing, Build Security into DevOps

Feb 23, 2021/5 min read

Analysis of an attack on automotive keyless entry systems

By Dr. Dennis Kengo Oka

Tags: Build Security into DevOps, Automotive

Feb 03, 2021/4 min read

How to integrate automated AST tools in your CI/CD pipeline

By Meera Rao

Tags: Agile, CI/CD, Build Security into DevOps

Jan 26, 2021/4 min read

Discovery capabilities: A core differentiator for Black Duck SCA

By Mike McGuire

Tags: SCA, Build Security into DevOps, OSS License Compliance

Jan 20, 2021/7 min read

How to cyber security: Faceplanting in 10 lines of code

By Jonathan Knudsen

Tags: Agile, CI/CD, Build Security into DevOps

Jan 03, 2021/6 min read

Don’t get overwhelmed with trivial defects. Manage them!

By Taylor Armerding

Tags: Build Security into DevOps, AppSec Best Practices, DevSecOps

Dec 27, 2020/8 min read

DevSecOps: The good, the bad, and the ugly

By Nivedita Murthy

Tags: Agile, CI/CD, Build Security into DevOps

Dec 21, 2020/5 min read

Things to consider when choosing a software composition analysis tool

By Shandra Gemmiti

Tags: SCA, Build Security into DevOps

Dec 14, 2020/10 min read

How to build a serial port fuzzer with Defensics SDK

By Kari Hulkko

Tags: Fuzzing, Build Security into DevOps

Dec 10, 2020/6 min read

Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol

By Jonathan Knudsen

Tags: Fuzzing, Build Security into DevOps, Training

Dec 02, 2020/6 min read

Configure security tools for effective DevSecOps

By Taylor Armerding

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps

Dec 01, 2020/5 min read

Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

By Jonathan Knudsen

Tags: Fuzzing, Build Security into DevOps

Nov 12, 2020/5 min read

How to cyber security: Gotta go fast … but why?

By Jonathan Knudsen

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps

Nov 09, 2020/3 min read

Three DevSecOps challenges and how to mitigate them

By Patrick Carey

Tags: Agile, CI/CD, Build Security into DevOps, Training, DevSecOps

Oct 18, 2020/5 min read

Get effective DevSecOps with version control

By Taylor Armerding

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps

Aug 25, 2020/4 min read

Developing a COVID-19 track and trace app — through the lens of Black Duck

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps, Threat & Risk Assessment, Mobile, IAST, SAST, Public Sector

Jul 27, 2020/7 min read

Security bugs and flaws: Both bad, but in different ways

By Taylor Armerding

Tags: SCA, Build Security into DevOps, Threat & Risk Assessment, Threat Modeling, Manage Security Risks

Jul 12, 2020/6 min read

How to Cyber Security: Fuzz a tank

By Jonathan Knudsen

Tags: Fuzzing, Build Security into DevOps

Jul 01, 2020/8 min read

Find more bugs by detecting failure better: An introduction to Defensics Agent instrumentation sanitizer options

By Jonathan Knudsen

Tags: Fuzzing, Build Security into DevOps

Jun 28, 2020/4 min read

Are you following the top 10 software security best practices?

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Manage Security Risks

Jun 16, 2020/3 min read

An introduction to installing Black Duck

By Black Duck Editorial Staff

Tags: SCA, Build Security into DevOps

Jun 11, 2020/11 min read

Authentication Token Obtain and Replace (ATOR) Burp plugin to handle complex login sequences

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Jun 01, 2020/3 min read

Why developers need a supplemental source to NVD vulnerability data

By Fred Bals

Tags: SCA, Build Security into DevOps

May 13, 2020/3 min read

Critical gap in developer security training puts applications at risk

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Training

May 11, 2020/8 min read

How to Cyber Security: Fuzzing does not mean random

By Jonathan Knudsen

Tags: Fuzzing, Build Security into DevOps

May 05, 2020/4 min read

3 ways to boost your security with role-based security compliance training

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Compliance, AppSec Best Practices, Training

May 03, 2020/2 min read

3 long-term benefits of an application security training strategy

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training

Mar 15, 2020/6 min read

What is security debt, and how do I get out of it?

By Taylor Armerding

Tags: SCA, Program Strategy & Planning, Build Security into DevOps, Manage Security Risks

Mar 10, 2020/3 min read

How does IAST fit into DevSecOps?

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps, IAST, DevSecOps

Feb 12, 2020/3 min read

Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight

By Patrick Carey

Tags: SCA, Security News & Trends, Build Security into DevOps, SAST, DevSecOps

Feb 03, 2020/4 min read

Mobile security app-titude best practices for secure app design and data privacy

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Mobile

Feb 02, 2020/5 min read

Ask the Experts: What’s most rewarding about your career in cyber security?

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, Manage Security Risks

Jan 22, 2020/5 min read

Coverity & Black Duck together. Better. Faster. Stronger.

By Fred Bals

Tags: SCA, Build Security into DevOps, SAST

Jan 18, 2020/4 min read

Synopsys adds GitHub Action for SAST and SCA

By Black Duck Editorial Staff

Tags: SCA, Agile, CI/CD, Build Security into DevOps, SAST

Jan 06, 2020/7 min read

The journey to better medical device security: Still slow, still bumpy

By Taylor Armerding

Tags: Build Security into DevOps, AppSec Best Practices, Medical Devices, Healthcare

Nov 19, 2019/3 min read

SAST vs. SCA: What’s the difference? Do I need both?

By Black Duck Editorial Staff

Tags: SCA, Build Security into DevOps, SAST

Nov 17, 2019/3 min read

Integrating Coverity Scan with GitLab CI

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps, SAST

Oct 09, 2019/2 min read

CloudBees and Synopsys: Putting “Sec” into DevSecOps

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps

Sep 29, 2019/4 min read

Wormwood – An Explicit Way to Test Absinthe GraphQL APIs

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Sep 19, 2019/4 min read

Q&A: Fuzz testing, agent instrumentation, and Defensics

By Black Duck Editorial Staff

Tags: Fuzzing, Build Security into DevOps

Jun 04, 2019/6 min read

It’s not just autonomous cars of the future that need security

By Taylor Armerding

Tags: Build Security into DevOps, Manage Security Risks, Automotive

May 24, 2019/3 min read

How are code quality and code security related?

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST, Web AppSec, Internet of Things

May 08, 2019/1 min read

Announcing Code Sight 2019.4

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, SAST

Mar 20, 2019/4 min read

Want to secure your apps? Build security in with the right toolchain

By Taylor Armerding

Tags: Agile, CI/CD, Build Security into DevOps, Threat & Risk Assessment, Manage Security Risks

Jan 30, 2019/2 min read

How to “shift left” with application security tools, and how not to

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps

Jan 29, 2019/7 min read

Why dependencies matter for SAST

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training, SAST

Nov 19, 2018/2 min read

Should I include CSRF protection on a login form?

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Nov 15, 2018/6 min read

WPA2 encryption bypass: Using Defensics to uncover behavioral vulnerabilities

By Tuomo Untinen

Tags: Fuzzing, Build Security into DevOps, Compliance

Nov 13, 2018/1 min read

Today I Learned: Using SCSS in your Vue Components

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Sep 14, 2018/6 min read

Let’s write more CodeXM checkers (second-stage ignition)

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Sep 05, 2018/2 min read

A Quick Guide to the Complex: Ecto.Multi

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Aug 28, 2018/3 min read

The intersection between IAST and SCA and why you need both in your security toolkit

By Tim Mackey

Tags: SCA, Agile, CI/CD, Build Security into DevOps, IAST, Manage Security Risks

Aug 19, 2018/2 min read

Integrating Coverity static analysis into development workflows

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps, SAST

Aug 01, 2018/3 min read

Slim Docker Images for Rails

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Jul 20, 2018/4 min read

Remediating XSS: Does a single fix work?

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, Web AppSec, Manage Security Risks

May 07, 2018/9 min read

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

By Meera Rao

Tags: Agile, CI/CD, Build Security into DevOps, SAST, DevSecOps

Mar 26, 2018/56 min read

Cracking XenForo corpuses: An unsupported sha256(sha256($pass).$salt) hash type

By Travis Biehn

Tags: Build Security into DevOps, Training

Mar 21, 2018/8 min read

Detecting Spectre vulnerability exploits with static analysis

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Mar 18, 2018/3 min read

What’s the difference between agile, CI/CD, and DevOps?

By John Steven

Tags: Agile, CI/CD, Build Security into DevOps

Feb 19, 2018/4 min read

Can Coverity automatically ignore issues in third-party or noncritical code?

By Kris Diefenderfer

Tags: Build Security into DevOps, SAST

Jan 30, 2018/5 min read

Migrating to Docker on Black Duck

By Black Duck Editorial Staff

Tags: SCA, Build Security into DevOps, Container Security

Nov 13, 2017/2 min read

Streamlining development with a DevSecOps life cycle

By Apoorva Phadke

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps, Manage Security Risks

Aug 15, 2017/3 min read

Scan nirvana: Hub Detect for all native build and CI tools

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Jul 06, 2017/8 min read

Building your DevSecOps pipeline: 5 essential activities

By Meera Rao

Tags: Agile, CI/CD, Build Security into DevOps

Jun 20, 2017/4 min read

A primer on protecting keys and secrets in Microsoft Azure

By Sakthi Mohan

Tags: Build Security into DevOps, Manage Security Risks

Jun 06, 2017/4 min read

Security topics every software developer should know

By

Tags: Build Security into DevOps, Training

May 16, 2017/2 min read

Node.js: Preventing common vulnerabilities in the MEAN stack

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, Manage Security Risks

May 08, 2017/5 min read

AngularJS: Preventing common vulnerabilities in the MEAN stack

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec

Apr 20, 2017/2 min read

ExpressJS: Preventing common vulnerabilities in the MEAN stack (Part 1)

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, Manage Security Risks

Apr 13, 2017/5 min read

MongoDB: Preventing common vulnerabilities in the MEAN stack

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec

Apr 04, 2017/7 min read

Attributes of secure web application architecture

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Build Security into DevOps, Web AppSec, Manage Security Risks

Mar 22, 2017/4 min read

Forging a SHA-1 MAC using a length-extension attack in Python

By Mantej Singh Rajpal

Tags: Build Security into DevOps, Web AppSec

Mar 22, 2017/6 min read

Swift: Close to greatness in programming language design, Part 2

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Feb 23, 2017/11 min read

AngularJS security series part 1: Angular $http service

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training, Web AppSec

Jan 10, 2017/3 min read

How much do bugs cost to fix during each phase of the SDLC?

By Arvinder Saini

Tags: Build Security into DevOps, Threat & Risk Assessment, Pen Testing, IAST, Manage Security Risks

Dec 14, 2016/2 min read

How to prevent SQL injection attacks: A cheat sheet

By Jamie Boote

Tags: Build Security into DevOps, SAST, Manage Security Risks

Nov 28, 2016/4 min read

5 reasons to use third-party authentication instead of creating your own

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Compliance, SAST

Nov 19, 2016/5 min read

Sweet32: Time to retire 3DES?

By Amit Sethi

Tags: Build Security into DevOps

Nov 08, 2016/5 min read

Abuse cases: How to think like a hacker

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Nov 07, 2016/5 min read

How to choose between closed source and open source software

By Jamie Boote

Tags: Build Security into DevOps, SAST

Aug 24, 2016/3 min read

4 ineffective security controls that leave you with a false sense of security

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training

Aug 24, 2016/2 min read

Pseudorandom number generation means pseudosecurity

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training

Aug 08, 2016/3 min read

Avoiding false positives in application security through customization

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST, Web AppSec, Manage Security Risks

Aug 01, 2016/5 min read

An escape room called the ‘AngularJS sandbox’

By Ksenia Peguero

Tags: Build Security into DevOps

Apr 28, 2016/3 min read

Man in the middle: When Bob met Alice, and Eve heard everything

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, Web AppSec, Manage Security Risks

Apr 12, 2016/6 min read

Application security vs. software security: What’s the difference?

By Monika Chakraborty

Tags: Build Security into DevOps, Mobile, Web AppSec

Mar 15, 2016/3 min read

How to do static analysis testing in 6 easy steps

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, SAST, Manage Security Risks

Mar 09, 2016/3 min read

What’s the difference? OAuth 1.0 vs OAuth 2.0

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training, Web AppSec

Mar 08, 2016/9 min read

An examination of ineffective certificate pinning implementations

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Mobile

Feb 10, 2016/2 min read

Static analysis tools: Are they the best for finding bugs?

By Apoorva Phadke

Tags: Build Security into DevOps, SAST, Manage Security Risks

Jan 27, 2016/5 min read

When and how to support static analysis tools with manual code review

By Mike Lyman

Tags: Build Security into DevOps, SAST, Web AppSec, Manage Security Risks

Jan 18, 2016/4 min read

Pen testing best practices to take the pain out of penetration testing

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Web AppSec

Dec 17, 2015/6 min read

Android WebViews and the JavaScript to Java bridge

By Andrew Lee-Thorp

Tags: Build Security into DevOps, Mobile

Dec 09, 2015/2 min read

What are cryptographic hash functions?

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Build Security into DevOps, Manage Security Risks

Oct 09, 2015/5 min read

Using the SafetyNet API

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Mobile

Sep 23, 2015/7 min read

Benefits of Code Scanning for Code Review

By Mike Lyman

Tags: Security News & Trends, Build Security into DevOps, SAST

Aug 06, 2015/1 min read

Serving resources over SSL with CSP upgrade-insecure-requests

By Ksenia Peguero

Tags: Build Security into DevOps, Web AppSec, Manage Security Risks

Aug 03, 2015/5 min read

Integrating Touch ID into your iOS applications

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Mobile

Apr 07, 2015/4 min read

How mapping the Ocean’s Eleven heist can make you better at application security testing

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Mar 22, 2015/4 min read

The 3 laws of robots.txt

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Build Security into DevOps, Web AppSec

Dec 13, 2014/8 min read

How to fix cross-site scripting: A developer’s guide

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Build Security into DevOps

Nov 03, 2014/9 min read

Understanding Python bytecode

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, Manage Security Risks

Apr 24, 2014/3 min read

Understanding fragment injection

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Mobile, Web AppSec

Apr 13, 2014/4 min read

On detecting Heartbleed with static analysis

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, SAST

Apr 07, 2014/6 min read

Heartbleed vulnerability: What should you do?

By Black Duck Editorial Staff

Tags: Fuzzing, Security News & Trends, Build Security into DevOps

Jan 20, 2014/2 min read

SHA2 ‘vs.’ SHA1

By John Steven

Tags: Program Strategy & Planning, Build Security into DevOps, Compliance

Jan 15, 2014/3 min read

SecureRandom implementation (sun.security.provider.SecureRandom – SHA1PRNG)

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Jan 05, 2014/2 min read

Issues to be aware of when using Java's SecureRandom

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Jul 25, 2013/7 min read

Protect Your Website From Its Embedded Content With iFrames

By Sammy Migues

Tags: DAST, Build Security into DevOps

Mar 07, 2013/4 min read

Ruby Demystified: and vs. &&

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Apr 27, 2012/8 min read

Caching security architecture knowledge with design patterns

By John Steven

Tags: Build Security into DevOps

Oct 31, 2010/2 min read

Secure URL redirection remediation

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Build Security into DevOps, Web AppSec