Monday, April 23, 2018

Application Security Testing (the Wild West perspective)

Imagine running a bank in a small town. A small town in the Old Wild West. Gangs roam freely. Many people are poor and desperate. Law enforcement exists, but is open to individual interpretation. Many crimes go unpunished. And you keep all the bank's money in the safe. Every night you try to sleep and not think about your safe - is someone trying to pry or blow it open at this very moment?

Now... imagine you want to make that safe more secure. Would you pay a bunch of thugs to crack it open by force and blow it up? Or would you prefer to pay a group of highly skilled engineers to disassemble it to pieces, carefully examine each one, and explain how to fix all the weaknesses they find?

The Internet of today still functions much like the old Wild West - many of the laws that try to enforce order are either too broad or vary significantly from country to country. There are not many law enforcement officials to be found. And there are a lot of people roaming around trying to gain some profit, even if it means breaking the law.

Your applications and infrastructure are your secure safe. At least they should be secure. You can not be sure unless someone examines them thoroughly and helps you find and fix all the vulnerabilities before the bad guys do. Examining a running application is called DAST (Dynamic Application Security Testing). DAST is the equivalent of roughly shaking the safe, beating it with a large club, proceeding to cut it with a blowtorch, and finishing up with a bunch of explosives. It has its own purpose and advantages, but it will never be able to discover some of the weaknesses that careful disassembly and examination would. To check your application in a thorough way you need to analyze its source code. The best method to do that is called SAST (Static Application Security Testing).

To perform the static testing, you can employ two methods:

  1. Team(s) of highly skilled security professionals going through your source code line by line and trying to spot weaknesses
  2. Find some way to automate the procedure and have people only examine and verify the results

The first method (manual code review) gives the best results if the team is skilled enough and has enough time to do it. Experienced security professionals are hard to find (read: not cheap), and the time it takes to manually go through even a medium-sized application can keep a whole team of people busy for many months or years. Because of the huge costs and the time it takes, manual code review is seldom employed for anything but the applications of utmost importance.

The way to go is to automate the procedure and employ the help of your own computer to read and understand the source code, and to notify you if there are any security vulnerabilities in there. That way you can check your code while it is still in the early stages of development and spot the issues early enough, avoiding the costs of a major redesign later on. If you use automated tools, you can make a policy that says: "Every new version of the application that goes into production must go through the security review". That way you can sleep peacefully knowing that the latest deploy did not just open up a huge hole right in the middle of your application. A hole that you might hear about in the morning news while sipping your coffee. Not the way you want to make a debut for yourself and your company.

The question remains - if source code review is so costly and time consuming, how can anyone afford doing it even once, let alone do regular checks every time something is changed or added? There are not many solutions and tools that help you, but we can assure you ours is one of the best there is. We call it ThunderScan. Almost 10 years in development, it grew to become one of the best and most cost-effective tools out there. Maybe even the best - we will let you decide.

We tried to find a way to compare it to the best tools there are. The most objective and acclaimed way to do it was to apply to the OWASP Benchmark Project. The OWASP Foundation is one of the top authorities in IT security. Their Benchmark allowed us to compare the score of our SAST tool (ThunderScan) against the best tools in the world. And our results were impressive - we managed to find far more vulnerabilities than any other commercial tool.

We encourage you to try our tool yourself and form your own opinion. You can grab a free trial by clicking HERE. No credit card required. Really free of charge. Let us know how you like it by contacting us at

Kind regards,

DefenseCode team

We mentioned we also excel in cost-performance. Well... That was not the whole truth. Although we do offer the highest quality, we do not charge the highest prices. On the contrary - our prices are only a fraction of the prices of the other top of the line tools, and we are so proud of it that we made them public. You can check them out HERE.
