Cloud Tuned · cloudtuned.hashnode.dev · Jul 6, 2024 · Understanding Checkmarx: Securing Your Code from Within · Introduction: In an era where cyber threats are ever-evolving, securing software applications from vulnerabilities is paramount. Checkmarx is a leading application security testing solution desig... · static analysis
Raine · raineyang.hashnode.dev · Jul 3, 2024 · PyTA Project: Converting Function Preconditions to Z3 Constraints · Today's task is to update ExprWrapper, a module that converts a python expression to corresponding z3 expression, to support container classes like list, tuple, and set, and in operation. In this article, I will first provide a brief overview of z3 ... · Python
Simon Crowe · simoncrowe.hashnode.dev · Jun 29, 2024 · Django and Semgrep: Enforcing a Service Layer Using Static Analysis · In my previous post about implementing a service layer in Django, I wrote about a simple pattern that "plays nice" with the mountain of functionality that comes with Django out-of-the-box, particularly the ORM. In this implementation, business logic ... · 280 reads · Python
Cloud Tuned · cloudtuned.hashnode.dev · Jun 22, 2024 · Discovering KICS: Keeping Infrastructure as Code Secure · Introduction: As the adoption of Infrastructure as Code (IaC) grows, so does the need to ensure that these configurations are secure. IaC allows developers to define and manage infrastructure thr... · kics
Zealynx Security · zealynx.hashnode.dev · Jun 3, 2024 · How to Write a Detector in Aderyn Step by Step · In this post, you'll learn how to develop a custom detector in Aderyn, a Rust-based static analyzer for Solidity smart contracts. We'll guide you through creating the `division_before_multiplication` detector, from understanding the vulnerability and... · 2 likes · 257 reads · static code analysis
Cloud Tuned · cloudtuned.hashnode.dev · Jun 2, 2024 · An Introduction to Semgrep: Lightweight Static Analysis for Modern Codebases · Introduction: In the world of software development, maintaining code quality and security is a continuous challenge. Traditional static analysis tools can be cumbersome, slow... · semgrep
Haneunhanlee.hashnode.dev · Aug 22, 2023 · What are Dynamic Analysis and Static Analysis · Definition Methods of Analyzing Programs Dynamic Analysis Verifying through multiple executions Dynamic analysis is a method of analyzing the behavior of software during its execution. When software is running, dynamic analysis tools are used to moni... · Cyber Security · cybersecurity
Cédric Bahirwe · cedricbahirwe.hashnode.dev · Feb 13, 2023 · How do static analysis tools suffer from false negatives and false positives? · Introduction: Static analysis tools, also known as linting tools such as ES Lint (for JavaScript) or SwiftLint (for Swift), are software programs that analyze source code for potential issues, such as bugs, security vulnerabilities, and coding standar... · 195 reads · Linter
Muhammed Salih Güler · salihgueler.hashnode.dev · Jan 10, 2023 · Leveraging Dart Lint Rules for Your Flutter Applications · It has been a while since I created a Flutter content that could benefit engineers from different levels. So I thought this should be a nice, conversational blog post about Dart's static analysis tools. I have been developing Flutter applications for... · 1 like · 530 reads · Flutter
Geoffrey Copin · blog.sylver.dev · Sep 23, 2022 · Build a custom Go linter in 5 minutes · Creating a custom linter can be a great way to enforce coding standards and detect code smells. In this tutorial, we'll use Sylver, a source code query engine, to build a custom Golang linter in just a few lines of code. Sylver's main interface is a... · 1 like · 2.6K reads · Go Language