AppSec Terms
SDLC
Veracode Technology
Veracode Services
The Competition
100
A world-wide, not-for-profit organisation focused on improving the security of software. All materials and tools are available under an open-source license.
What is OWASP?
100
A tool used by most developers to create, build, and test software.
What is an IDE?
100
A method of quickly assessing the security of an application, using a model of the application and analysis rules.
What is Static Analysis?
100
A service available from Veracode that assists customers in defining, executing and improving their application security program.
What is SPM/CSM?
100
An on-prem and 'cloud' application security testing company focused on scan speeds and the developer, with a high false positive rate and no centralised platform.
What is Checkmarx?
200
An industry standard covering the security of payment processing systems.
What is PCI-DSS?
200
A tool used to automate the process of compiling, packaging and testing software before release.
What is a build server? (Jenkins etc.)
200
A method of accurately assessing the security of a web application, by sending attacks to the running application.
What is Dynamic Analysis?
200
A service available from Veracode that assists customers' developers in best practice flaw remediation and application on-boarding.
What is Remediation Coaching?
200
An on-prem and cloud application security testing BU within a larger software company, with a high false positive rate and fairly weak SDLC integrations.
What is Micro Focus/Fortify?
300
A security training provider that hosts courses all over the world as well as publishing security books and online content.
What is SANS?
300
A software development approach focused on short release cycles and iterative backlog management.
What is Agile?
300
A product used to identify the known vulnerabilities in Open Source components in Java, Scala and .NET applications.
What is Software Composition Analysis? (SCA)
300
A service available from Veracode, primarily sold alongside a scanning technology, providing manual assessment of an application.
What is MPT?
300
An on-prem and cloud application security testing BU within a larger software company, that primarily sells into its existing customer base and has outsourced product development to HCL India.
What is IBM/HCL?
400
A common, labour-intensive, time-consuming approach to software security testing.
What is Penetration Testing?
400
A movement to break down the barriers between the various teams involved in designing, developing, and operating software.
What is DevOps?
400
A set of rules that bring together Static, Dynamic and SCA scan results into a single point of control and compliance.
What is a Veracode Policy?
400
A service available from Veracode that assists customers with managing risk assessment of flaw mitigation proposals.
What is MPR?
400
A software testing company that has recently spent $1b+ on acquiring popular security testing technologies but has yet to bring these together into a cohesive platform.
What is Synopsys?
500
A less common, early stage assessment of the potential threats to an application that has not yet been developed.
What is Threat Modelling?
500
A common Agile software development methodology, focused on self-organising development teams.
What is SCRUM?
500
The main interface to the Veracode scanning service that brings together all scanning technologies, reporting, e-learning and account administration.
What is the Veracode Platform?
500
A service available from Veracode that provides dedicated ASC-plus resource to a customer.
What is RAS?
500
A popular Open Source application quality testing tool that has a basic application security plugin and a high false positive rate.
What is Qualys?