Software Assurance Tools Flashcards

1
Q

Findbugs and Findsecbugs (Software Assurance Tools)

A
  • used to conduct security audits of Java apps before deployment
  • FindBugs is an open source static code analyzer or static application security testing (SAST) tool that detects possible bugs in Java programs.
  • FindSecurityBugs is an open source plugin that detects security issues in Java web applications.
2
Q

Peach (Software Assurance Tools)

A
  • automated security testing platform to ID vulnerabilities while conducting fuzzing
  • Peach Tech offers several dynamic application security testing (DAST) products for pen testing, including Peach API Security, which helps secure web APIs against the OWASP Top 10, and Peach Fuzzer, an automated security testing platform for prevention of zero-day attacks. Within Peach Fuzzer, modular test definitions called Peach Pits enable you to fully customize exploits against test targets.
3
Q

AFL - American Fuzzy Lop (Software Assurance Tools)

A
  • (American fuzzy lop): An open source DAST tool that feeds input to a program to test for bugs and possible security vulnerabilities.
  • Dynamic
4
Q

SonarQube (Software Assurance Tools)

A
  • open source platform that performs automatic static code reviews to find vulnerabilities and bugs in over 20 programming languages
  • Static
5
Q

YASCA (Yet Another Source Code Analyzer)

A

(yet another source code analyzer): An open source SAST program that inspects source code for security vulnerabilities, code quality, and performance.
