NSFOCUS Security Labs is keeping an eye out for the trends in supply chain security and is pleased to share observations and thoughts with our blog readers. You will see the links for more posts we published about software supply chain security at the end of the article. In the next several...
Tag: supply chain security;
Key Technologies for Software Supply Chain Security – Data Security Technology
According to Gartner's supply chain security risk report in 2021[1], breaches of confidential or sensitive information constitute another major factor contributing to software supply chain risks. Hackers steal hard-coded credentials in source code, building logs, and infrastructure, such as API keys, encryption keys, tokens, and passwords, or locate vulnerabilities in...
Key Technologies for Software Supply Chain Security—Detection Technique (Part 4)—Interactive Application Security Testing (IAST) and Fuzzing (Fuzz Testing)
Interactive Application Security Testing (IAST) IAST is a new application security testing technique that has become popular in recent years and is recognized by Gartner as one of the top 10 technologies in the cybersecurity field. IAST works to constantly monitor and collect the traffic or codes inside when the...
Key Technologies for Software Supply Chain Security – Detection Technique (Part 3) – Dynamic Application Security Testing (DAST)
In actual attack scenarios, when the source code is often unavailable, a white-box-based model is used to analyze software vulnerabilities. Hackers mostly conduct black-box scans against running systems or services, looking for possible vulnerabilities to attack. DAST simulates a hacker's attack using an outside-in detection technique on systems or services...
Key Technologies for Software Supply Chain Security – Detection Techniques (Part 2) – Static Application Security Testing (SAST)
NSFOCUS Security Labs is keeping an eye out for the trends in supply chain security and is pleased to share observations and thoughts with our blog readers. You will see the links for more posts we published about software supply chain security at the end of the article. From the perspective of...
Key Technologies for Software Supply Chain Security – Detection Techniques (Part 1) – Software Composition Analysis
Software supply chain security detection techniques must cover the software delivery life cycle, including software design, building, testing, and operation. There are mainly five types of security detection techniques, namely software composition analysis (SCA), static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), and...
