Admin

02.12.2022: Building a secure development process for a retailer. Experience of integration with GK checkout software

What’s the hardest part of project work? Probably aligning customer and contractor expectations of the process and the result. When we started implementing the secure development process in the group for GK applications (checkout software) of a large retailer, we had a whole lot of time and tasks to reduce the vulnerabilities in the …

17.10.2022: Building a secure development process for a retailer. Part 2: SAP applications

We recently started telling you about our experience building a secure development process for a large retailer. In case you missed it, you can check out the first part about the secure development of web portals and mobile apps here. Today, we’ll give you some details of this project’s implementation in the SAP family of …

08.09.2022: Carsharing under DerScanner protection

CT Smart Mobility Solutions, a developer of software solutions for carsharing companies, uses the DerScanner code analyzer to provide owners and customers of short-term car rental services with secure applications and thereby protect their business and personal data. DerScanner protects the company’s clients in 10 countries across Western Europe, Eastern Europe and Asia. …

02.09.2022: Code analysis: problems, solutions, prospects

Software vulnerabilities have always been and will always be one of the main gateways for attackers. That is why secure development has been trending for years — more and more vendors are focusing on identifying and eliminating vulnerabilities at the development stage. One of the main ways to target vulnerabilities and backdoors is code analysis. …

02.08.2022: DerScanner receives the CWE Compatibility MITRE certificate

DerScanner, an application code scanner developed by DerSecur, has received the CWE Compatibility certificate from MITRE, an American non-profit organization. This certificate confirms the effectiveness of DerScanner in detecting vulnerabilities, classified by the CWE system, in software code. The Common Weakness Enumeration (CWE) is a generally recognized international system for classifying weaknesses and vulnerabilities …

22.04.2022: DerScanner 3.11 app security analyzer has been released

DerSecur has introduced a new version of its security code analyzer, DerScanner 3.11. It now features the option to classify detected vulnerabilities according to the latest versions of the international standards OWASP Top 10 2021 and CWE/SANS Top 25 2021. The new release allows for uploading reports in editable DOCX and SARIF formats. The system interface now …

18.04.2022: Spring Framework Vulnerabilities Included in DerScanner Updated Search Database

DerSecur has updated the vulnerability search database of the DerScanner application code analyzer. The update includes several zero-day vulnerabilities found in the Spring Framework, which is used in Java applications. Exploiting these bugs allows an attacker to remotely execute arbitrary code or cause a denial of service. Given how widely Spring is used, the vulnerabilities …

13.04.2022: DerScanner Detects Vulnerabilities and Undocumented Features in Open Source Projects

The DerScanner static code analyzer detects vulnerabilities and undocumented features in Open Source projects (freely distributed software, components and libraries used by developers in their projects). The DerSecur team notes that March saw a significant increase in critical vulnerabilities detected in the analyzed Open Source software. Based on the scan results, the SAST tool highlights vulnerable …

11.04.2022: Open-source software: Why is it especially insecure today and how to protect yourself?

The number of cyberattacks targeting governmental and commercial organizations is growing every day. One of the serious threat vectors is open-source applications and libraries, without which modern development is hardly possible. Since open-source projects are developed by enthusiasts and participating users, major vulnerabilities are often propagated in open-source libraries. Dan Chernov, CTO of DerSecur, …