- All Products
- Software Integrity
- Semiconductor IP
- Verification
- Design
- Silicon Engineering
- Application Security Services
- Dynamic Analysis (DAST)
- Mobile Application Security
- Penetration Testing
- Managed Static Analysis
- All Services
- Software Security
- Silicon Design
- Community
- About Us
< All Products
< All Products
< All Products
< All Products
< All Products
< All Products
< overview
All Products
+ Software Integrity + Semiconductor IP + Verification + Design + Silicon Engineering + Optical Solutions< Software Integrity
< Software Integrity
Application Security Services
Dynamic Analysis (DAST) Mobile Application Security Penetration Testing Managed Static Analysis< Software Integrity
< Software Integrity
< Software Integrity
Blog
< Software Integrity
Support
< overview
Software Integrity
+ Application Security Products + Application Security Services + Resources + Training & Education Blog Support< Semiconductor IP
< Semiconductor IP
Memories & Libraries
Logic Libraries Memory Compliers Duet Packages HPC Design Kit Embedded Test & Repair Non-Volatile Memory< Semiconductor IP
< Semiconductor IP
Processor Solutions
ARC Processors Embedded Vision Processors Development Tools Operating Systems Ecosystems ASIP Tools< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< overview
< Verification
< Verification
< Verification
< Design
< Design
< Design
< overview
< Silicon Engineering
< overview
< main menu
< Solutions
< Solutions
Industry Solutions
Automotive Cloud Computing Financial Services Industrial Controls Systems Healthcare< Solutions
< overview
< All Services
< All Services
< All Services
< overview
< Software Security
< Software Security
Managed Services
< Software Security
Program Development & Design
Maturity Model (BSIMM) Maturity Action Plan (MAP) Policies & Standards Security Metrics Software Security-in-a-Box< Software Security
< Software Security
Support
< overview
Software Security
+ Software Security Services Managed Services + Program Development & Design + Training Support< Silicon Design
< Silicon Design
< Silicon Design
< Silicon Design
< main menu
< Community
< Community
< Community
< Community
Interoperability
ARC Access HAPS Connect HSPICE Integrator In-Sync System-Level Catalyst TAP-in VC Apps Access< Community
< Community
< Community
< overview
Community
+ Community + SNUG + Partners + Interoperability + Academic Programs + Company Blogs + BSIMM< About Us
< About Us
< About Us
< About Us
< About Us
Software Integrity
Webinar: Update your AppSec strategy to run effectively in a DevOps world
September 18, 2017
Checklist: Kick off your software integrity program with a bang
September 14, 2017
IoT security: Where there is smoke, there is fire
September 1, 2017
Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Ken Modeste of UL at this year’s codenomi-con 2017, held at the end of July at the House of […]
Initially created to support hands-free headsets, Bluetooth in 2017 is far from a simple wireless technology standard. It has evolved into a much different technology than today’s standard Wi-Fi wireless protocols. Researchers Ben Seri and Gregory Vishnepolsky of Armis Labs examine how complicated the Bluetooth implementation has become by navigating the complex protocol implementations in […]
In recent days, more details concerning the Equifax breach have come to light. There’s now speculation that attackers exploited a vulnerability in Apache Struts to steal data. There has also been plenty of speculation regarding the exact vulnerability that may have been exploited. The Apache Struts theory The Apache Struts Program Management Committee released a […]
It started with a hackathon Every once in a while, Synopsys’ R&D teams organize internal hackathons. During one such event concentrating on the security of open source software, Tuomas Haanpää from Synopsys’ Fuzz Testing–focused R&D group decided to run the NFSv3 test suite against the Linux kernel. The results proved to be quite fruitful. Anomalized […]
On Sept. 7, Equifax announced that attackers had stolen information from about 143 million people in the United States. Canadian and U.K. residents’ data was also stolen. However, Equifax has not yet revealed the number of people affected. We do not know the exact vulnerability that was exploited. Equifax stated only that “criminals exploited a […]
Modern mobile device users often have their devices tightly integrated into daily life. From banking apps to social media feeds, these applications are high visibility targets for hackers and thieves looking to exploit weaknesses or hijack vulnerabilities. By ramping up mobile app security, vendors ensure the safety and security of their users and their infrastructure. […]
Most organizations follow common development processes when creating software. Unfortunately, these processes offer little support to construct secure software as they typically identify security defects in the verification (i.e., testing) phase. Fixing defects that late in the software development life cycle (SDLC) is often quite expensive. A better practice is to integrate security activities across […]
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Chenxi Wang at this year’s codenomi-con 2017, held at the end of July at the House of Blues in Mandalay […]
In software development shops across the world there is a strong emphasis on quality over security. But, these two key practices in the development process are not mutually exclusive. They are, in fact, two sides of the same coin joined together by their similar processes, artifacts, and goals. These include testing the software for defects, […]
The director of software development comes into your office in a panic. “We’ve got to do MISRA… stat! Legal insists on it; our customers are demanding it.” Your heart sinks. If you’ve ever been to Yosemite, you’ll know there are two ways to the summit of Half Dome: one way has fairly gradual—or at least […]
Categories
- Agile Methodology (19)
- Application Security (195)
- Automotive Security (42)
- CI/CD (3)
- Cloud Security (15)
- Code Review (21)
- Cryptography (1)
- Data Breach (48)
- DevOps (7)
- Dynamic Analysis (DAST) (12)
- Embedded Software Testing (20)
- Ethical Hacking (6)
- Featured (3)
- Financial Services Security (16)
- Fuzz Testing (15)
- Government Security (15)
- Healthcare Security (24)
- Industrial Control System Security (8)
- Infographic (9)
- Insurance Provider Security (3)
- Interactive Application Security Testing (IAST) (2)
- Internet of Things (56)
- JavaScript Security (4)
- Maturity Model (BSIMM) (42)
- Medical Device Security (30)
- Mobile Application Security (45)
- Network Security (26)
- Open Source Security (36)
- OWASP (6)
- Penetration Testing (15)
- Red Teaming (12)
- Secure Coding Guidelines (7)
- Security Architecture (9)
- Security Conference or Event (42)
- Security Metrics (11)
- Security Risk Assessment (33)
- Security Standards and Compliance (29)
- Security Training (41)
- Smart Grid Security (3)
- Software Architecture and Design (14)
- Software Composition Analysis (8)
- Software Development Life Cycle (SDLC) (47)
- Software Quality (11)
- Software Security Program Development (40)
- Software Security Testing (204)
- Static Analysis (SAST) (41)
- Threat Intelligence (5)
- Threat Modeling (25)
- Vendor Risk Management (11)
- Vulnerability Assessment (109)
- Web Application Security (51)
Archives