Software Integrity

What is IAST? Interactive application security testing is an emerging technology that is transforming the way organizations secure their web apps at the speed of DevOps. IAST automatically and continuously scans apps during QA testing to detect security vulnerabilities earlier in the SDLC than traditional DAST or pen testing solutions—when it’s easier, faster, and cheaper […]

This article was originally published in Forbes. I hate to say I told you so…well, actually, like most people, I love to say I told you so. I’m just willing to admit it. Because the state of software security a year after the catastrophic data breach of Equifax became public, basically confirms what I wrote last October: […]

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Dude, don’t take my Tesla! Plus Tor Browser zero-day (already wiped away), and you’ve got malware (if you fall for it!). Watch this week’s episode […]

Open source is the foundation of most modern applications. However, left untracked, open source can put containerized applications at risk of known vulnerabilities such as Heartbleed and CVE-2017-5638 found in Apache Struts. Tracking open source can be difficult in containerized production environments, which pose new challenges to application security. Organizations need visibility into the open […]

Synopsys is well-known for our software integrity portfolio: integrated testing tools, managed services, professional services, and developer education. But products, services, and training aren’t all we offer. We also perform hundreds of Black Duck On-Demand open source audits every year. And all that audit data fuels the open source security research and vulnerability analysis we […]

The Internet of Things is all around us. But it doesn’t stop there—now it’s inside us too. As the era of “connected everything” explodes, so does the use of network-connected medical devices. These interconnected devices, ranging from hospital imaging equipment to implantable pacemakers to infusion pumps, help healthcare providers and patients in a variety of […]

Hacking Security is a monthly podcast on emerging trends in application security development. What is Hacking Security? Episode 1 covers how we came up with the name “Hacking Security.” Why did we decide on this name? Take five minutes to learn more, or read the transcript below. Follow Steve Giguere on Twitter Read Steve Giguere’s […]

This article was originally published in Forbes. The cybersecurity of connected medical devices—notoriously poor for decades—should finally start to improve. That is genuinely good news. But it is tempered by the reality that it will not happen quickly. The long-overdue change is coming thanks to the federal Food and Drug Administration’s (FDA) announcement in June that it […]

All systems are go. We have liftoff. Let’s write some CodeXM. If you’ve read the previous two posts, you should come away with a sense that writing a CodeXM checker isn’t rocket science. Let’s put that to the test. In order to get this hands-on experience, you should have access to an installed version of […]

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? CamuBot malware is the new kid on the block, the sounds of hacking (SonarSnoop), and back to the government’s wish for chat backdoors. Watch this […]
