User Activity

About 1 month ago
The easiest way to remember the role of each:
SCA & SAST = Am I Vulnerable
DAST & IAST = Am I Exploitable (in some cases, together they complement SAST)
RASP & WAF = Can I Protect Myself (fixing the code is the primary option)
About 1 month ago
Choosing the right static analysis software requires multiple components:
1. What are my business requirements and do I have champion BUs
2. What does your application portfolio look like (languages developed in, lines of code, etc.) and do we have a complete application inventory…
About 2 months ago
Rendra, you need to ask yourself a few questions:
1. Do I know the technology stack (languages) that needs to be supported?
2. Do I have access to the source code, just binaries, or both?
3. Do I need to support SCA (FOSS)?
4. Do I need a unified dashboard for reporting…
About 2 months ago
@Oscar Van Der Meer Fortify SCA (Static Code Analyzer) was around way before SCA (Software Composition Analysis). There are various integrations with Software Composition Analysis tools (SonaType, BlackDuck, Snyk, WhiteSource, and OWASP Dependency Check & Dependency-Track). The reason…
