Category Archives: Static Analysis

Announcing Our Latest Integration: Beyond Security

Ed Bellis    June 5, 2014

At Risk I/O, we’ve always made it our mission to integrate with the scanner tools used most. That’s why we’ve added integration with the BeyondSecurity AVDS web scanner to our vulnerability threat management platform. With the new BeyondSecurity AVDS connector, you can discover and eliminate your network’s most serious security weaknesses. Simply sync your scan data via our new connector and Risk I/O will…

Measuring vs. Modeling

Andrea Bailiff-Gush    December 10, 2013

This month our data scientist Michael Roytman is featured in the USENIX Association’s Journal alongside Dan Geer. Their article harkens back to our long-running theme of focusing on remediating the vulnerabilities which _actually_ generate risk for your environment. Michael and Dan argue that using CVSS as a guide for remediation is not only ineffective at identifying vulnerabilities likely to be…

What I Learned at BayThreat 2013

rhuber    December 9, 2013

BayThreat, an annual Bay Area information security conference, was this past weekend. As in years past it was top notch and well organized. The conference returned to its old home, the Hacker Dojo, for this fourth incarnation. Some highlights (in no particular order): Nick Sullivan spoke on white box cryptography, and the lack of a current open source implementation. White…

BayThreat 2012

admin    December 11, 2012

The third annual BayThreat conference was held this past weekend (Dec 7th and Dec 8th) in Sunnyvale, CA. Ryan Huber and I from Risk I/O attended the event. BayThreat is a security conference that has a great community feel. This year’s event outgrew its previous location, and was held at the festive Firehouse Brewery in the historic section of Sunnyvale. BayThreat’s 2012…

Now Serving Veracode Users

Andrea Bailiff-Gush    May 15, 2012

Following our recent integration with PortSwigger’s Burp web scanner, our development team has added another vulnerability assessment tool to Risk I/O. Integration with Veracode static analysis is now available! If you use Veracode to scan your applications for security flaws, you’ll be happy to learn that you can now plug it into Risk I/O to manage and monitor the vulnerabilities that…

The Scanner That Cried Wolf

Ed Bellis    January 5, 2012

Dealing with false positives during a vulnerability assessment is a fact of life. As applications and infrastructure grow larger and more complex, the likelihood of running into these Type I errors increases along with it. Although these issues become more commonplace as you grow, there are a number of known ways to help decrease the amount of false positives that are produced…

SAST And DAST Like Peanut Butter and Jelly

Ed Bellis    October 3, 2011

Today, our development team added HP Fortify integration with Risk I/O. HP Fortify is a static analysis tool that looks at the source code of an application to identify security flaws within. Fortify’s Static Application Security Testing (SAST) results provide an inside-out view of the vulnerabilities that exist in a software program compared to Dynamic Application Security Testing (DAST) that…