Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
I am relatively new and unfamiliar with the concept of SCA and vulnerability scans and I've just heard about Veracode and want to venture into more options that are available which share some ( or have some additional functionality ) to Veracode.
Thanks!
Veracode provides us with three kinds of scans, namely:
Static Scans (SAST) - requires source code and integrated into SLDC
at an early stage
Dynamic Scans (DAST) - requires running instance
and integrated towards the end of SLDC
Manual PenTest
SCA - part of SAST, checks for vulnerabilities in libraries you are using for your project
For more information on the difference between SAST and DAST: https://www.synopsys.com/blogs/software-security/sast-vs-dast-difference/
After researching for a while CheckMarx can be used as an alternative SAST solution to Veracode and it offers SCA just like Veracode too
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed last year.
Improve this question
My company a web based ERP system and there are several tedious, repetitive tasks I'd like to automate and seems like it should be fairly easy to do in Python... I've been using the Pandas library and only familiar with the analytical power of Python.
Is there a library anyone would suggest for accomplishing this?
Thank you,
Me
You may try ClointFusion which offers 100+ easy to use functions developed using pyautogui, helium among others.
Disclaimer: I am one of the Developers of ClointFusion
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
I have been using PMD and Findbug for my application but fortify managed to detect some of the security vulnerabilities in my application. I am wondering if there is other open-source software that does the similar job as Fortify?
If your focus is on security, you could benefit from additional security rules. Find Security Bugs is a set of detectors for FindBugs.
Disclaimer : I'm the author of the tool mention
Here is an exhaustive list of static analyzers maintained by the nist : http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html
Sonar is pretty similar to Fortify. However, it focuses more on code quality/metrics rather than security. There is some overlap in informational. Additionally, there are plugins for Sonar such as Security Rules that allow you to add more security metrics.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
I'm looking for a toolkit to test how my website will react to a DOS/DDOS attack. The only tool I know so far, is Low Orbit Ion Cannon. However, I don't know how this one compares to any other tools avaliable. Also, I'd love the ability to run it from the command line on linux.
Which DDOS tools would you recommend for me?
I prefer open source, unless the alternative is significantly better
Normally, "real" testing against a DDOS attack or, just heavy traffic in general, is referred to as "load testing". Perhaps google will yield better results from those keywords.
I use LoadStorm--it's been reliable and I would recommend it.
Fearboot.com is a good place for that.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
Can someone point me to a tutorial or API resource for Autonomy IDOL search?
Thanks.
Also, the API is pretty well documented if you go to the following URL -
http://[autonomy_url]?action=help
Do you have access to an automater acount?
The knowledge base section contains some examples.
If you are using the JAVA API there are JAVADOC with some examples
The COM API contains sample code.
There are three main sources I tend to use, for almost any IDOL Server work: the built in help, the IDOL Server Administration guide and the support site.
Experimentation can be worthwhile, once you have some familiarity with the system.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
While the built-in analytics of MOSS2007 are nice to have - they are inadequate at the same time. Any ideas where I can look for a more comprehensive package? Am I missing something?
Thanks,
Carl
Take a look at Nintex Reporting. We just bought it and it seems like a nice enhancement on top of the out of the box usage reporting. They seem to do everything "right" from a supportability point of view too, so you don't have a tool in there monkeying directly with your content databases.
I've also heard claims from our Webtrends rep that they have some SharePoint-specific capabilities, if that's a product suite you already happen to use.
If you're looking for Usage reporting, you could surf over to http://www.intlock.com/ and look into CardioLog too.