The Matrix: a cult classic film of my generation. Yes, I am aware I said that word, ‘generation’, and I am only 26. I find there seems to be a much shorter generational turnaround before films become forgotten and lost to DVD shelves or corners of Netflix, with 5 years the usual tipping point. The much anticipated Matrix 4 was a hot topic of conversation a few weeks ago in our office, along with how they were going to bring back one of my favourite films growing up. This is when my colleague said she had never heard of the Matrix and had no clue what I was talking about (she is 21). I am sure a lot of you are wondering how this is going to link back to cyber security and the usual trend of our blogs here at Armadillo. Do you remember the scene in the film where Neo is talking to Cypher about how the Matrix looks from the outside world, with lots of the iconic green coded writing? Cypher then suggests he has become such an expert in watching this code that he can see in real terms what it really looks like in the Matrix, including anomalies in the code (the agents).
Cypher, in real-life IT security terms, is a developer/coder in most organisations in the 21st century: amazing at building applications from code and seeing where things should and shouldn’t be. But who is checking the checker? Humans are not designed to be perfect and will always make mistakes, however good or experienced they may be. This is where process and different technologies come in, to make sure that these mistakes do not become holes into the organisation and its applications.
Veracode are tackling this problem head on with a number of solutions which check for these issues in the code so they never materialise and, if they do, alert the coders before the applications go live. They are tackling this via the solutions below.
SAST (The Blue Pill):
Static Application Security Testing tests the code before the application has gone live and allows for remediation of these issues before the vulnerabilities can be exploited in a live environment. Veracode integrates with the development and current security tools to perform this test seamlessly, all within the usual development process.
DAST (The Red Pill):
Dynamic Application Security Testing tests the application while it is live, checking to see if any updates or changes to these applications have caused any anomalies to flare up or created a hole. With Veracode this can be automatically set up to scan at regular intervals throughout the month or year to constantly check that this.
Greenlight (Come on it has Green in the name):
Unlike the previous two, where coding is checked after the fact, Greenlight is software that reviews the code while you’re writing it. It is used to help developers deliver applications faster without having any of the above issues in the first place, reducing not only vulnerabilities but also Q&A processes, making the whole process more efficient and with fewer flaws. Here at Armadillo we can help you decide which pill would best suit your development cycle and secure coding needs. Get in touch via 0208 0888 222 or hello@wearearmadillo.com today.
Written by: John Webster, Account Manager at Armadillo.