DerSecur has updated DerScanner, a comprehensive solution for monitoring the security of software and information systems. The new version allows correlating the results of static code analysis (SAST) with the results of dynamic code analysis (DAST). Their correlation will reduce false positives. Thanks to this, DerScanner users’ attention will be focused primarily on validated vulnerabilities and undocumented features, whose elimination is the first priority task.

What’s the hardest part of project work? Probably, bringing customer and contractor expectations of the process and result into accordance. When we started implementing the secure development process in the group for GK applications (checkout software) of a large retailer, we had a whole lot of time and tasks to reduce the vulnerabilities in the code. Here’s a story about what we had to actually solve and how we did it.

We recently started telling you about our experience building a secure development process for a large retailer. In case you missed it, you can check out the first part about the secure development of web portals and mobile apps here. Today, we’ll give you some details of this project’s implementation in the SAP family of applications

We have been often asked what is DevSecOps and does it affect the development process. Let’s talk a little about it. - What is DevSecOps as a framework? What technical tools and processes does it include?

CT Smart Mobility Solutions, a developer of software solutions for carsharing companies, uses DerScanner code analyzer to provide owners and customers of short-term car rental services with secure applications and therefore to protect their business and personal data. DerScanner protects the company’s clients in 10 countries in the regions of Western, Eastern Europe and Asia.

Software vulnerabilities have always been and will always be one of the main gateways for attackers. That is why secure development has been trending for years — more and more vendors are focusing on identifying and eliminating vulnerabilities at the development stage. One of the main ways to target vulnerabilities and backdoors is code analysis. Dan Chernov, DerSecur’s Chief Technology Officer, told us about the most popular technologies of code analysis, in what direction they are developi