Software Integrity

Archive for 2016

AngularJS 1.6: Life outside the sandbox

AngularJS 1.6 was recently released. With this release come several impactful changes. One such change to note is the removal of the expression sandbox. This change was predicted, having first been announced in early September. If you haven’t already evaluated the impact of this on your Angular code in preparation for the changes, it’s […]

Posted in JavaScript Security, Software Security Testing, Threat Intelligence, Vulnerability Assessment

How to assess the risk of seemingly correct software

As the prevalence of software continues to trend upwards with time, a common assumption is that it is becoming more feature-rich and reliable. However, most in the software industry wouldn’t hesitate to point out how difficult it actually is to achieve fully-working software. In fact, when calculating software risk, a key assumption is that it […]

Posted in Security Risk Assessment, Software Security Testing

5 security industry buzzwords we love to hate

Computing security is an interesting space. One of the main aspects that makes it interesting is that there are many security terms that are ambiguous. With some words, we have no idea why we’ve come to use them! While these buzzwords aren’t going away any time soon, here is a list of buzzwords that most of the […]

Posted in Cloud Security, Ethical Hacking, Software Security Testing

SQL injection cheat sheet: How to prevent attacks

SQL injection takes place when database software can’t tell the difference between arbitrary data from the user and genuine commands from the application. When an attacker injects commands into the data they send to a database, they can take database control away from the application owner. This can lead to data corruption, leaks of confidential […]

Posted in Software Security Testing, Vulnerability Assessment

Synopsys finds Bluetooth memory vulnerability in MacOS/OS X

On Tuesday, researchers at Synopsys were credited in an Apple Update with finding a Bluetooth vulnerability in its operating system. The Cupertino-based computer company disclosed a memory corruption issue as one of three affecting its Bluetooth stack. The effect of this specific unpatched vulnerability is that an application may be able to execute arbitrary code […]

Posted in Fuzz Testing, Vulnerability Assessment

Mark your calendar: RSA USA 2017 is almost here

RSA Conference 2017 is taking place at the Moscone Center in San Francisco from February 13-17, 2017. While you’re there, be sure to stop by South Hall booth #1933 where we’ll be hosting prize giveaways, offering product demos, and setting up time to discuss our offerings in more detail. Also stop by to visit us at […]

Posted in Application Security, Mobile Application Security, Network Security, Security Conference or Event, Web Application Security

Software glitch causes FAA to order Boeing 787s powered down

Until Boeing provides a permanent software fix, airlines with 787 Dreamliners in their fleet will have to power down the planes once every 22 days. A software glitch that could result in the loss of controllability for the 787s manifests itself after several hours of continuous use. The FAA says “all three flight control modules […]

Posted in Embedded Software Testing, Security Standards and Compliance

Command injection vulnerability in Locus Energy Solar Panels patched

A command injection vulnerability (CWE-73) disclosed in the software used by Locus Energy solar panels has now been patched by the company. In an ICS-CERT advisory dated December 6, 2016, Daniel Reich, an independent researcher, was credited with finding the vulnerability in several versions of the LGate solar panel. Because the web server on these vulnerable […]

Posted in Industrial Control System Security, Vulnerability Assessment

Nintendo launches bug bounty for 3DS

Japanese gaming company Nintendo is offering researchers up to $20,000 for critical security vulnerabilities found in its 3DS family of consoles. Rewards will fall between $100 and $20,000, and, per the company, Nintendo is “only interested in vulnerability information regarding the Nintendo 3DS™ family of systems and … not seeking vulnerability information regarding other Nintendo platforms, network […]

Posted in Application Security, Vulnerability Assessment

Researchers hijack automotive mobile apps

Last month researchers demonstrated how a mobile app for Tesla, or any other connected car, can be hacked, enabling criminal hackers to locate, unlock, and potentially steal a Tesla vehicle. Researchers from Promon disclosed a vulnerability in the mobile app used by Tesla customers to access their vehicles. According to the researchers, this attack is […]

Posted in Automotive Security, Mobile Application Security