Coverity Questions

Miriam Tover
Content Specialist
IT Central Station

Hi,

We all know it's really hard to get good pricing and cost information.

Please share what you can so you can help your peers.

Miriam Tover
Content Specialist
IT Central Station

If you were talking to someone whose organization is considering Coverity, what would you say?

How would you rate it and why? Any other tips or advice?

Miriam Tover
Content Specialist
IT Central Station

Hi Everyone,

What do you like most about Coverity?

Thanks for sharing your thoughts with the community!

Miriam Tover
Content Specialist
IT Central Station

Please share with the community what you think needs improvement with Coverity.

What are its weaknesses? What would you like to see changed in a future version?

Julia Frohwein
Content and Social Media Manager
IT Central Station

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

Application Security Questions
Rony_Sklar
IT Central Station
Jan 13 2021

There are many cybersecurity tools available, but some aren't doing the job that they should be doing. 


What are some of the threats that may be associated with using 'fake' cybersecurity tools?


What can people do to ensure that they're using a tool that actually does what it says it does?

SimonClark Dan Doggendorf gave sound advice. Whilst some of the free or cheap… more »
Dan DoggendorfThe biggest threat is risks you think you have managed are not managed at all so… more »
Javier MedinaYou should build a lab, try the tools and analyze the traffic and behavior with… more »
Manoj Kumar Kemisetty
Sap Advanced Business Application Programming Consultant at Accenture
Sep 24 2020

Is SonarQube is the best tool for static analysis or there are any good tools which compete with SonarQube?

Purushothaman KStatic tool we can use Fortify or IBM Appscan. SonarQube widely used for… more »
Peter ArvedlundI am not very familiar with SonarQube and their solutions, so I can not answer… more »
Steven KlusenerPlease have a look at the TICS framework, offered by www.tiobe.com, it is… more »
Menachem D Pritzker
Director of Growth
IT Central Station
Aug 10 2020

On July 15, 2020, several verified Twitter accounts with millions of followers were compromised in a cyberattack. Many of the hacked accounts we protected using two-factor authentication, which the hackers were somehow able to bypass.


Hacked accounts included Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Mike Bloomberg, Warren Buffett, Kim Kardashian, and Kanye West, Benjamin Netanyahu, and several high profile tech companies, including Apple and Uber.


The hackers posted variation of a message asking follower to transfer thousands of dollars in Bitcoin, with the promise that double the donated amount would be returned.


How could Twitter have been better prepared for this? How do you rate their response?

Ken ShauretteFor some good information from a leading expert check out the webinar today 7/17… more »
Ken ShauretteI like the potential for catching an unusual activity like that with our… more »
Russell WebsterSpan of control, Solid RBAC, Privileged Access Management (PAM) 
Rony_Sklar
IT Central Station

Many companies wonder about whether SAST or DAST is better for application security testing. What are the relative benefits of each methodology? Is it possible to make use of both?

Dan DoggendorfSAST and  DAST are not mutually exclusive and should be used in conjunction with… more »
Oscar Van Der MeerFor application security you ideally need SAST, SCA and DAST. You need all three… more »
Russell WebsterBoth. They are not in competition with each other. SAST is used for analyzing… more »
Rony_Sklar
IT Central Station

Which single application security tool provides the best overall protection?

Kangkan GoswamiThe best source to know the OWASP risks is the OWASP website. For top 10 risks… more »
CK Low
User

I am researching application security software for my organization. We provide systems to the airline industry.


Which products provide both vulnerability scanning and quality checks?


Which one(s) do you recommend and why?


Thanks,


CK

TundeOgunkoyaWhilst it may appear as though the real solution to a question like yours is to… more »
Wanda ThomasIt depends if the application is a web app. Does it have a database? Are the… more »
davidstromBurp Suite from PortSwigger (pen testing and vuln scans) and WebGoat from OWASP… more »
Ariel Lindenfeld
Sr. Director of Community
IT Central Station
Oct 09 2020

Let the community know what you think. Share your opinions now!

reviewer1434390I would check the authentication steps required. How does the data storage work… more »