Software Integrity

Archive for March 2015

 

You can’t take a one-size-fits-all approach to application security

What’s in your security toolbox? If you’ve invested in a tool to assist with your security efforts, you’re not alone. According to a recent survey by 451 Research, tool acquisition is on the rise: Web application scanning (dynamic scanning) – 60% adoption rate; Web application firewalls – 38% adoption rate; Database security – 36% adoption […]


Posted in Application Security, Dynamic Analysis (DAST), Static Analysis (SAST)

Is conventional penetration testing enough to secure eCommerce applications?

Can your customers trust you to process their transactions and safeguard their personal information? Can you be sure online sales follow the business rules you’ve put in place? If you are like most eCommerce companies, you’ve been pushing the envelope to create applications that are increasingly easy to use, accessible from any device, and personalized […]


Posted in Penetration Testing, Threat Modeling, Vulnerability Assessment

The 3 laws of Robots.txt

Today, I will discuss how the robots.txt file can be used by attackers to gain a foothold in your environment and how a low-risk finding in the robots.txt file can lead to further compromise. The robots.txt file is the de facto standard used by website developers. For the purposes of this post, I will use content management […]


Posted in Application Security, Security Risk Assessment, Software Security Testing, Vulnerability Assessment

How to eliminate malicious code within your software supply chain

Everyone wants to believe that the code developed within a trusted software supply chain is legitimate. The unfortunate reality is that malicious coders have subtle ways to secretly embed code that exposes your business to risk. Malicious code can be challenging to recognize and can remain undetected within applications long before it causes damage. Unless […]


Posted in Software Security Testing

Synopsys celebrates International Women’s Day every day

Post co-authored by Meera Subbarao, Apoorva Phadke, and Ksenia Dmitrieva. Every year International Women’s Day is celebrated on March 8th, and this year the United Nations theme for 2015 is “Empowering Women: Empowering Humanity.” As professional women we have to ask, “Are we making enough effort to empower women in technology? How about the leadership […]


Posted in Application Security

CSI: Cyber is technically painful to watch

Last night, a few of my brave Synopsys peers stepped away from their regularly scheduled lives to join me in watching the new CBS show CSI: Cyber. Even before the start of the show, jokes were flying in anticipation of all that could go wrong based on past portrayals of tech on TV. Early on in […]


Posted in Internet of Things