Fasoo Data Security and Intelligent Document Platform on Display at RSA Conference 2017

Fasoo has a big presence at the RSA Conference 2017 in San Francisco where we will showcase our newly expanded data security and management framework which helps companies track, manage and secure their data. Focusing on the business themes of Security, Governance and Productivity, Fasoo is helping executives and boards of directors comply with enhanced cybersecurity regulations while ensuring they …

Fasoo Launches SPARROW on Cloud

SPARROW, a static code analysis application, is now available as a Software as a Service (SaaS) offering to help organizations quickly detect critical software vulnerabilities at the early stages of software development.  “SPARROW on Cloud“, SPARROW’s cloud solution is an agile, flexible, reliable and cost effective solution that allows organizations to easily manage application security challenges. “IoT has brought an …

Should Developers Have a Spellchecker for Security?

A recent article by Maria Cosgrove in CSO asked the question “Wouldn’t it be nice if software developers had something like spellcheck, but instead of catching simple grammar mistakes, it caught basic security problems?” Very good question, especially when you think about all the cyber security problems and attacks we’ve seen in recent months.  The reality is that developers are …

What is Lurking Inside Your Applications?

While everyone still draws attention to the need for protection from cyber-attacks and the need for firewalls, intrusion prevention systems, and similar tools, recent highly publicized breaches have been raising awareness on weaknesses in software developed and used. The market is now forced to focus on how to identify and remediate vulnerabilities within applications themselves as things like buffer overruns, …

Add Static Application Security Testing to Your Arsenal

Many companies have significant investments in network security, but it’s not enough because a significant chunk of all cyber-attacks are happening on the application layer. Cyber criminals are increasingly targeting the application stack for exploitation. According to the U.S. Department of Homeland Security (DHS), 90% of security incidents result from exploits against defects in software. The Forrester Wave: Application Security …

Don’t Get Caught With Your Pants Down – Static Application Security Testing Must be part of Security Risk Management

Technology has changed the way we live our lives. Whether we are at work, home or outside, we have become dependent on our computers, mobile phones and the internet. On a daily basis, we all interact with a significant number of applications. Demand for technology has led to an explosion of software we use daily, whether these are applications used in …

Stay One Step Ahead Of The App Hackers

I recently wrote an article about hackers getting iOS App developers to use a bogus Xcode development kit downloaded from a Chinese site to create applications.  The development kit contained malicious code that caused all types of security problems in iPhone and iPad apps.  Read the entire article here. This is a new frontier for hackers.  Rather than attacking perimeter …

Top 10 Reasons Why You Should Use Static Code Analysis

I have been in the security and privacy industries throughout my entire career. I started my journey many years ago as a software developer and moved into the business side of things gradually. All these years, it has always been painful to see companies spend enormous amount of dollars on firewalls and anti-virus software year after year, but vulnerabilities in software …

Stop an App Attack

Apple was cleaning up its iOS App Store on Sunday to remove malicious iPhone and iPad programs identified in the first large-scale attack on the mobile software outlet.  Apparently the source of the problem was a bogus Xcode development kit that developers downloaded from a Chinese site.  Many app and Mac developers use the Apple Xcode tools to develop iOS …

[Case Study] Achieving Software Quality and Secure Coding Concurrently

Major National Bank Achieves Software Quality and Secure Coding Concurrently through SPARROW Expansion in electronic financial services requires advancement in software quality and secure coding Report from the Financial Supervisory Service in 2012 states that half of the financial data processing errors were caused while modifying the program. For businesses related handling of financial transactions, the quality assurance of the …