By Byron V. Acohido

When Log4J came to light in 2021, Kinnaird McQuade, then a security engineer at Square, drew the assignment of testing endpoints at some 5,000 users of the popular mobile payments service.

“It took us eight hours to run the scan and I was sweating it because these were all small family businesses that depended on Square, and if any of them got popped, it would be real people that were affected,” McQuade told me.

That ordeal proved to be a catalyst for McQuade, a renowned ethical hacker and creator of popular open-source security tools, to launch NightVision and succeed where static application security testing (SAST) and dynamic application security testing (DAST) have failed.

The focus is on providing a software testing solution that does not impede innovation, provides clear guidance to developers and identifies software vulnerabilities long before public release. Last week, NightVision announced the commercial availability of its first application security testing solution.


I visited with McQuade, who’s now NightVision’s CTO, and George Prince, CEO, at RSAC 2024 a couple weeks prior to their launch. For a full drill down, please give the accompanying podcast a listen.

NightVision recently announced $5.4 million seed backing of its hybrid approach to enable software developers to detect vulnerabilities quickly and accurately, tracing them back to the source code for immediate action. This capability is crucial as businesses increasingly rely on APIs, the vast majority of which remain undocumented and vulnerable to attacks, Prince observes.

“We’re solving a fundamental problem at its root,” Prince says. “Our tools make it possible to perform security scans in seconds, not hours, and offer actionable insights that help developers fix issues before they reach production. This not only saves time but also significantly reduces the risk of security breaches.”


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(LW provides consulting services to the vendors we cover.)


June 3rd, 2024