Software Integrity

Search Results for 'pen testing'

Pen testing best practices to take the pain out of penetration testing

I encounter many techies who love the science of penetration testing. They’re captivated by the technology stack, the vulnerabilities, and the tools at their disposal. But, at the same time, they find the task of pen testing itself aggravating and stressful. A real pain. Why is that? I noticed a common theme in their explanations […]

Posted in Web Application Security

Is pen testing security testing?

Some people start “Security Testing” by buying and using a pen-test tool on a project. Such tools uncover security vulnerabilities (though they seldom help with root cause analysis or even obtaining double-digit code coverage). These tools are degenerate, at best, in facilitating a security testing strategy. Why? Because these tools are “black box” tools. What are […]

Posted in Web Application Security

Software security myth #3: Penetration testing solves everything

Security testing is important. Conducting specialized penetration tests at the end of the software development life cycle (SDLC) can be a rewarding security activity for your organization. Penetration testing is, after all, the most frequently and commonly applied of all software security practices. But, this isn’t necessarily a good thing. This is why penetration testing […]

Posted in Software Architecture and Design, Web Application Security

Is conventional penetration testing enough to secure eCommerce applications?

Can your customers trust you to process their transactions and safeguard their personal information? Can you be sure online sales follow the business rules you’ve put in place? If you are like most eCommerce companies, you’ve been pushing the envelope to create applications that are increasingly easy to use, accessible from any device, and personalized […]

Posted in Software Architecture and Design, Web Application Security

Open Source Security Research Group gets a new office

Synopsys is well-known for our software integrity portfolio: integrated testing tools, managed services, professional services, and developer education. But products, services, and training aren’t all we offer. We also perform hundreds of Black Duck On-Demand open source audits every year. And all that audit data fuels the open source security research and vulnerability analysis we […]

Posted in General

Wading through the alphabet soup of application security testing tools: A guide to SAST, IAST, DAST, and RASP

Every application security testing tool—SAST, IAST, DAST, and RASP—has its distinct advantages, but you’ll get the best results when you use them together.

Posted in Infographic, Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security

How RASP complements application security testing to minimize risk

In the era of agile development and outsourcing, implementing a secure software development life cycle (SSDLC) is critical. However, it may not help you achieve the level of risk mitigation you desire. You may need to extend your software security approach to provide an additional layer of protection for applications once they have been deployed. […]

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security

Open source security risk on the rise owing to unpatched software

A slight change of pace for this week’s issue of Software Integrity Insight, as we focus on the release of the 2018 Open Source Security and Risk Analysis, which analyzes the audit results of over 1,100 commercial codebases from over 500 organizations and examines the open source security and licensing news of 2017. We think […]

Posted in Open Source Security

How to break car kits with Bluetooth fuzz testing

How do you find vulnerabilities and issues in Bluetooth-enabled devices? One of our favorite methods is fuzzing. Learn how to fuzz test Bluetooth car kits.

Posted in Automotive Security, Fuzz Testing

GitHub finds 4M flaws, IAST Magic Quadrant, 2018 Open Source Rookies

A big news week for Synopsys as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cybersecurity news in this week’s Open Source Insight!

Posted in Open Source Security