Software security faces a variety of challenges in ensuring that software is secure. The first is correcting security defects, no matter what category they fall into. The second is being able to cover a large, enterprise-wide portfolio of applications to ensure their security as well. Source code analysis, more specifically static application security testing, otherwise known as SAST, has come a long way since its introduction back in the late 90s and early 2000s.
When it comes to correcting defects in your software, if you know where in the source code the problem exists, it is much easier to fix the problem before the software is released. In addition, if you are given a suggestion for how to fix the problem, the fix becomes that much easier and quicker. Since developers are ultimately responsible for developing software with few or no defects, any tool that helps developers directly is the most useful. Although automation is convenient, it may miss some of the bugs that need to be fixed, or create additional false positives that undermine the success of an application security testing tool.
Fasoo, well known for its data-centric security solutions, also provides a static application security testing tool called SPARROW. This is a static analysis tool for the enterprise software development process. It can be deployed in both the development and testing phases of the software development life cycle, or SDLC, for all security-related participants in the quality control process. SPARROW accurately and quickly detects software vulnerabilities, provides root cause explanations, and suggests code examples for remediation to developers with ACTIVE SUGGESTION.
It has received much praise and many awards, and follows international standard guidelines such as OWASP, CWE/SANS, CERT, HIS, HICPP and MISRA; most recently it acquired CWE certification as well as ISO 26262. SPARROW offers semantic-based analysis, which shows great performance in detecting critical and hidden run-time errors.
Most recently, in September of this year, SPARROW was showcased in front of developers, auditors, risk managers, technologists and entrepreneurs at AppSec USA 2014 in Denver, CO.
When you are thinking about which security testing tool you should have for your software, make sure you think about SPARROW, and let us know.