Software Integrity Blog

Search Results for 'cryptography'


Software security myth #4: Software security is a cryptography problem

Software security isn’t the same thing as security software. You can use a crypto library to add a security feature to an application, but that’s not the same thing as making an application secure. The liberal application of magic crypto fairy dust to your code will provide no security by magic. (In fact, the same myth applies to any particular security feature, not just crypto.) Software security needs to be built in from the ground up. As such, cryptography makes the list of software security myths at number four.

Posted in General, Maturity Model (BSIMM), Web Application Security


Treating security like safety: What the FDA’s recognition of UL 2900-2-1:2018 means for developers

UL 2900-2-1 calls for the secure design and security testing of medical devices. What does the FDA’s adoption of the standard mean for your development team?

Posted in Healthcare Security


At RSA, it is clear encryption divide is as wide as ever

Selective encryption backdoors don’t work; the laws of mathematics don’t know or care who you are. But the concept was still under intense debate at RSA 2019.

Posted in General


Hacking Security Episode 4: DevSecOps with Meera Rao

Hacking Security is a monthly podcast on emerging trends in application security. In Episode 4, secure development expert Meera Rao discusses DevSecOps.

Posted in Agile, CI/CD & DevOps, Developer Enablement, General


Top 10 software vulnerability list for 2019

The common software vulnerabilities on our top 10 software vulnerability list for 2019 are easy to find and fix with the right AppSec tools and guidance.

Posted in Mobile Application Security, Web Application Security


Better passwords in California won’t help much

California is all done with weak passwords.

Posted in General, Internet of Things, Security Standards and Compliance


Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

This is the first of two articles that describe how to use the Defensics SDK to fuzz Bitcoin software. Specifically, you will learn how to model one of the Bitcoin protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process.

Posted in Developer Enablement, Fuzz Testing


CamuBot malware, SonarSnoop hacking, and government backdoors

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? CamuBot malware is the new kid on the block, the sounds of hacking (SonarSnoop), and back to the government’s wish for chat backdoors. Watch this week’s episode below.

Posted in General


Bad Signal gets quick fix

It looked like a bright spot in a gloomy week for the encrypted messaging app Signal. And it was, in fact, a positive thing—a patch for a serious XSS (cross-site scripting) vulnerability that the company made available only hours after a public report of the problem. It just wasn’t quite as bright a moment as it initially appeared.

Posted in Software Architecture and Design


IMF wants to pierce the blockchain anonymity veil

Anonymity—one of the biggest draws of cryptocurrency and the blockchain infrastructure it depends on—could get turned on its head if the vision of the head of the International Monetary Fund (IMF) comes true.

Posted in Financial Services Security