Blog

Should Developers Have a Spellchecker for Security?
Ron Arden November 3, 2016
Application Security Testing Cybersecurity

Sparrow helps stop security vulnerabilities while you codeA recent article by Maria Cosgrove in CSO asked the question “Wouldn’t it be nice if software developers had something like spellcheck, but instead of catching simple grammar mistakes, it caught basic security problems?”

Very good question, especially when you think about all the cyber security problems and attacks we’ve seen in recent months.  The reality is that developers are still writing software with security vulnerabilities.  As project timelines contract and more people are involved, the development cycle becomes more complex and is prone to problems.  If the problems were rarely seen bugs, it would be one thing, but why are there so many basic errors inside a lot of software?

What is Lurking Inside Your Applications?
Ron Arden May 23, 2016
Application Security Testing Cybersecurity Data breach Data security

Sparrow Static Application Security TestingWhile everyone still draws attention to the need for protection from cyber-attacks and the need for firewalls, intrusion prevention systems, and similar tools, recent highly publicized breaches have been raising awareness on weaknesses in software developed and used. The market is now forced to focus on how to identify and remediate vulnerabilities within applications themselves as things like buffer overruns, SQL injections, cross-site scripting, hard-coded passwords, memory leaks, uninitialized variables, division by zero, and integer overflows can have devastating results.

This is quite a change from the way things used to be. Rather than being an afterthought, security in software design is now becoming an increasingly important concern during development as applications are becoming more and more accessible and hence becoming vulnerable to a wide variety of threats. There is much concern over the likelihood of unauthorized code manipulating applications to access, steal, modify, or delete sensitive data.