blog.coverity.com
QA Archives - Software Testing Blog
http://blog.coverity.com/category/qa-2
Coverity at the SD Summit Helsinki. Posted by: Jeni McSkimming, in category QA. October 16, 2014. Coverity, along with local partner Jab were again exhibiting at this year’s SD summit in Helsinki. The event welcomed a vast mix of professionals but mainly included Test Managers or those involved in the QA process with an interest in the adoption of continuous integration methods. This is where our platform was able to demonstrate…. Coverity’s Next Generation Software Testing Platform. June 17, 2014. Poste...
blog.coverity.com
security Archives - Software Testing Blog
http://blog.coverity.com/tag/security
Coverity Scan, Application Security and Open Source. Posted by: Zack Samocha, in category Open Source. October 15, 2014. We have just upgraded the Coverity Scan service to Coverity 7.5. With this upgrade, we’re now enabling Coverity Scan members to utilize Coverity Security Advisor to help them eliminate security defects in Java web applications. Since Heartbleed, GoToFail bug and recently the shellshock, we have aimed to provide the latest technology that will enable open…. January 22, 2014. Coverity wa...
security.coverity.com
Coverity Security Research Lab
http://security.coverity.com/blog/2015/Apr/unicode-escaping-is-coverity-affected.html
Unicode Escaping: Is Coverity Affected? Apr 24, 2015. Java Unicode Escaping Background. The Java 8 Language Specification (JLS) Section 3.3. This means someone can embed an escaped Unicode character in Java source code that will be unescaped when it's compiled. Searching Stack Overflow. That can arise from Unicode escaped values in Java source code. From a security standpoint, a developer could potentially hide malicious code using this technique. Jeff William. What's Old is New. Recently posted a comment.
security.coverity.com
Coverity Security Research Lab
http://security.coverity.com/blog/2015/Jul/a-second-helping-of-pie.html
A Second Helping of PIE. Jul 01, 2015. A Second Helping of PIE. In a previous post. With particular emphasis on how it can be used with the Java Security Manager to build a security policy and protect applications against known and unknown vulnerabilities. In this post, I'm going to elaborate on additional features of PIE such as using PIE with different modules (e.g. CSP. The Many Flavors of PIE. If you take a look at the PIE group. At the time of writing, PIE has two implementations out of the box: one...
security.coverity.com
Coverity Security Research Lab
http://security.coverity.com/blog/2015/Jun/a-slice-of-pie.html
A Slice of PIE. Jun 02, 2015. On May 21, 2015 I gave a presentation at AppSec EU discussing security policies and managers, and specifically noting their utility in blocking known and unknown exploits. I noted that these tools tend to be difficult to use, and as a feature of my presentation introduced PIE, an open source tool for the painless generation of security policies. Vulnerability in an old version of Struts 2 without any specific knowledge of Struts 2 or this vulnerability. The code source, e&#...
blog.coverity.com
With great power comes great responsibility
http://blog.coverity.com/2011/01/14/with-great-power-comes-great-responsibility
With great power comes great responsibility. In category Software Testing. January 14, 2011. As always, the news and product announcements coming from the Consumer Electronics Show were fascinating. A trend not lost on most observers was the rise of Android. You might be forgiven for thinking it was the Android Electronics Show. Even before CES, comScore reported that the number of Android users is now more than the number of iPhone users. Most of the entrants to rival the iPad. Ask The Bug Guys.
blog.coverity.com
coverity-scan Archives - Software Testing Blog
http://blog.coverity.com/tag/coverity-scan
Coverity Scan, Application Security and Open Source. Posted by: Zack Samocha, in category Open Source. October 15, 2014. We have just upgraded the Coverity Scan service to Coverity 7.5. With this upgrade, we’re now enabling Coverity Scan members to utilize Coverity Security Advisor to help them eliminate security defects in Java web applications. Since Heartbleed, GoToFail bug and recently the shellshock, we have aimed to provide the latest technology that will enable open…. September 10, 2014. If softwa...
blog.coverity.com
coverity Archives - Software Testing Blog
http://blog.coverity.com/tag/coverity
Coverity Scan, Application Security and Open Source. Posted by: Zack Samocha, in category Open Source. October 15, 2014. We have just upgraded the Coverity Scan service to Coverity 7.5. With this upgrade, we’re now enabling Coverity Scan members to utilize Coverity Security Advisor to help them eliminate security defects in Java web applications. Since Heartbleed, GoToFail bug and recently the shellshock, we have aimed to provide the latest technology that will enable open…. September 10, 2014. Announcin...