Software Security

Archive for July 2015

 

3 reasons software security governance is essential to your business

If you’re attempting to create and maintain secure software and you’re operating without a clear governance structure, here are five reasons you should reconsider.

Posted in Security Standards and Compliance, Software Development Life Cycle (SDLC), Software Security Program Development, Software Security Testing

Here in my car…

On July 24th, 2015, FIAT CHRYSLER CARS announced a recall of 1.4 million vehicles to correct a cybersecurity issue that a Wired reporter unveiled to the world earlier that same week. In his video report, the reporter showed how the enterprising security researchers Charlie Miller and Chris Valasek could remotely hack into the vehicle via […]

Posted in Automotive Security

How to build a red teaming playbook

Red teaming is an iterative process that includes three main components: recon, enumeration and attack. First, we emulate a defined adversary (anything from a script kiddie to an APT threat actor). Then we iterate through the recon/enumeration/attack components repeatedly until we have obtained our defined goal, such as obtaining sensitive client data. 3 ways to […]

Posted in Red Teaming, Software Security Testing

How to build a game-changing red team

Putting together a game-changing red team requires finding the right personnel with the malicious mindset, technical talent and vision to drive the program to success. This team must have a leader who can drive the program and technical staff who will perform the day-to-day activities. Putting together an impactful and game-changing red team will increase […]

Posted in Red Teaming

The secret to red teaming: Thinking maliciously

The technical people who drive our innovation are, for most purposes, well meaning. They create technology which has shaped our way of life, and done what many would have previously considered unthinkable. These developers and engineers are wonderful at conceiving and building systems. However, they are horrible at understanding how to break them. As the […]

Posted in Data Breach, Internet of Things, Red Teaming

Why managed application security services?

Firms often debate whether it’s better to do dynamic testing in-house or to outsource the work. Only you can decide what’s best for your organization, but we’ve listed four benefits of working with a managed services partner like Synopsys for you to consider before making your decision. On-demand testing. The Synopsys portal empowers on-demand testing […]

Posted in Application Security, Software Security Testing

Samsung Swiftkey: The latest AppSec vulnerability highlights

The Samsung Smartphone Swiftkey security slipup grabbed headlines in mid-June when it was discovered that 600 million Samsung Smartphones were vulnerable to remote code execution (RCE) attacks. Synopsys’ security experts were all over the issue, providing analysis of the problem and guidance to help organizations avoid the same common software design flaws. Jim DelGrosso explained […]

Posted in Application Security, Mobile Application Security, Software Security Testing, Vulnerability Assessment