Software Integrity

Search Results for 'cryptography'

 

Software security myth #4: Software security is a cryptography problem

Software security isn’t the same thing as security software. You can use a crypto library to add a security feature to an application, but that’s not the same thing as making an application secure. The liberal application of magic crypto fairy dust to your code will provide no security by magic. (In fact, the same […]

Continue Reading...

Posted in Maturity Model (BSIMM), Software Security Initiative (SSI), Web Application Security | Comments Off on Software security myth #4: Software security is a cryptography problem

 

Better passwords in California won’t help much

California is all done with weak passwords. Well, not right now, but it says it will be done with them for internet-connected devices in another 14 months—starting Jan. 1, 2020. From then on, the Information Privacy: Connected Devices bill, signed earlier this month by Gov. Jerry Brown, will require each such device to have a […]

Continue Reading...

Posted in Internet of Things, Legal, Security Standards and Compliance | Comments Off on Better passwords in California won’t help much

 

Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

This is the first of two articles that describe how to use the Defensics SDK to fuzz Bitcoin software. Specifically, you will learn how to model one of the Bitcoin protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process. This is an advanced technical tutorial, and you will need some background […]

Continue Reading...

Posted in Developer Enablement, Fuzz Testing | Comments Off on Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

 

CamuBot malware, SonarSnoop hacking, and government backdoors

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? CamuBot malware is the new kid on the block, the sounds of hacking (SonarSnoop), and back to the government’s wish for chat backdoors. Watch this […]

Continue Reading...

Posted in Government Security, Weekly Security Mashup | Comments Off on CamuBot malware, SonarSnoop hacking, and government backdoors

 

Bad Signal gets quick fix

It looked like a bright spot in a gloomy week for the encrypted messaging app Signal. And it was, in fact, a positive thing—a patch for a serious XSS (cross-site scripting) vulnerability that the company made available only hours after a public report of the problem. It just wasn’t quite as bright a moment as […]

Continue Reading...

Posted in Software Architecture and Design | Comments Off on Bad Signal gets quick fix

 

IMF wants to pierce the blockchain anonymity veil

Anonymity—one of the biggest draws of cryptocurrency and the blockchain infrastructure it depends on—could get turned on its head if the vision of the head of the International Monetary Fund (IMF) comes true. Christine Lagarde, managing director of the IMF, called in a recent blog post for more regulation of the cryptocurrency market—to include the […]

Continue Reading...

Posted in Financial Services Security | Comments Off on IMF wants to pierce the blockchain anonymity veil

 

Debunking the top 5 Defensics fuzz testing myths

Written in coordination with Chris Clark, Defensics product manager Over the last year, we’ve noticed a rise in Defensics myths. Admittedly, this doesn’t surprise me. Myths abound in technology markets, where facts and figures often stand in contrast to conventional wisdom, and the fuzz testing market is a particularly challenging one to navigate. I suspect […]

Continue Reading...

Posted in Fuzz Testing | Comments Off on Debunking the top 5 Defensics fuzz testing myths

 

Customer driven features live in Black Duck 4.4 release

How can you not love customer feedback when it helps you improve your product? At our recent FLIGHT conference, I had the opportunity to speak to a lot of customers, plus detailed discussions with our Customer Advisory Board members. This knowledge helped us build out the latest release of Black Duck with new features that […]

Continue Reading...

Posted in Open Source Security, Software Composition Analysis | Comments Off on Customer driven features live in Black Duck 4.4 release

 

Blockchain security and the cryptocurrency boom, Part 1: Theory

Thanks to Bitcoin, it’s fair to say that “blockchain” is a buzzword at the moment—like DevOps, or Zumba. This article isn’t going to dive into what a blockchain is, because many others out there already do that. Here’s a pretty good one that has a snappy description of the evolution of Bitcoin and its symbiotic […]

Continue Reading...

Posted in Financial Services Security | Comments Off on Blockchain security and the cryptocurrency boom, Part 1: Theory

 

Attacks on TLS vulnerabilities: Heartbleed and beyond

Over the past few years, we’ve seen a variety of TLS vulnerabilities steadily surface. In general, we brand each one as “just another TLS vulnerability,” but the intricacies of each are rather distinct, though not horribly convoluted. Let’s walk through a few together.  2014: Heartbleed and POODLE Heartbleed affects the OpenSSL library’s implementation of a […]

Continue Reading...

Posted in Software Architecture and Design | Comments Off on Attacks on TLS vulnerabilities: Heartbleed and beyond