Software Integrity

Search Results for 'rasp'

 

Struts flaw, SAST, IAST, DAST & RASP primer, hacking planes, ATMs, and water heaters

We wind up the month of August with stories on the latest Apache Struts hack—bad news, if you remember Equifax—and what you need to do now to protect yourself. Plus news on plane, ATM, and even water heater hacks, and a primer on what to look for in SAST, DAST, IAST, and RASP tools. Stay […]

Continue Reading...

Posted in Open Source Security | Comments Off on Struts flaw, SAST, IAST, DAST & RASP primer, hacking planes, ATMs, and water heaters

 

Wading through the alphabet soup of application security testing tools: A guide to SAST, IAST, DAST, and RASP

Every application security testing tool—SAST, IAST, DAST, and RASP—has its distinct advantages, but you’ll get the best results when you use them together.

Continue Reading...

Posted in Infographic, Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security | Comments Off on Wading through the alphabet soup of application security testing tools: A guide to SAST, IAST, DAST, and RASP

 

How RASP complements application security testing to minimize risk

In the era of agile development and outsourcing, implementing a secure software development life cycle (SSDLC) is critical. However, it may not help you achieve the level of risk mitigation you desire. You may need to extend your software security approach to provide an additional layer of protection for applications once they have been deployed. […]

Continue Reading...

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security | Comments Off on How RASP complements application security testing to minimize risk

 

The what, why, and who of runtime application self-protection (RASP)

What is runtime application self-protection? According to Gartner, runtime application self-protection is “a security technology that is built on or linked into an application runtime environment, and is capable of controlling application execution, and detecting and preventing real-time attacks.” RASP security products integrate with an application to prevent attacks at runtime by monitoring and analyzing traffic […]

Continue Reading...

Posted in Web Application Security | Comments Off on The what, why, and who of runtime application self-protection (RASP)

 

Alphabet soup: SAST, DAST, IAST, and RASP explained

Turns out that the most important part of a software security initiative is FIXing the bugs that you FIND no matter how you find the bugs. So just what do all of the alphabet soup tools do? How do they help you fix what you find? And how do they scale? FWIW, tools of all […]

Continue Reading...

Posted in Cloud Security, Static Analysis (SAST), Web Application Security | Comments Off on Alphabet soup: SAST, DAST, IAST, and RASP explained

 

Both consumers and retailers need to up their cyber security to make holidays happy

We’ve got some Black Friday advice for retailers and shoppers who want to keep everyone’s data safe and secure, for a truly happy holiday season.

Continue Reading...

Posted in General | Comments Off on Both consumers and retailers need to up their cyber security to make holidays happy

 

Need a job? Consider a career in cyber security | NCSAM at Synopsys

Now more than ever, deciding on a career is a daunting prospect. Yes, unemployment’s at a record low, and new jobs will inevitably replace whatever jobs are lost to “progress.” But those seeking new careers now have to consider that their next career will probably not be their last one. Between artificial intelligence, robots, and […]

Continue Reading...

Posted in General | Comments Off on Need a job? Consider a career in cyber security | NCSAM at Synopsys

 

Spectre checker keeps up with the latest exploits

In a recent blog post, Detecting Spectre vulnerability exploits with static analysis, we showed how developers can use static analysis to help protect their applications from the Spectre variant 1 vulnerability (bounds check bypass). Synopsys Software Integrity Group released a checker for Coverity (AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK) that helps developers identify vulnerable code. The result is increased protection against Spectre […]

Continue Reading...

Posted in Static Analysis (SAST) | Comments Off on Spectre checker keeps up with the latest exploits

 

Remediating XSS: Does a single fix work?

A very common type of injection defect is cross-site scripting (also known as XSS or HTML injection). Many developers struggle with remediation of XSS because of a misunderstanding of the difference between validation, sanitization, and normalization/canonicalization. Lately, even some security vendors have started suggesting “fixing” injection defects close to the source rather than close to […]

Continue Reading...

Posted in Security Standards and Compliance | Comments Off on Remediating XSS: Does a single fix work?

 

GDPR Readiness Summit: Preparing for May 2018

There has been much buzz about the GDPR (Global Data Protection Regulation) set to go into effect in May of 2018. Black Duck discussed the topic in our legal track at the Black Duck FLIGHT 2017 user conference, where Daniel Hedley from Irwin Mitchell looked at how European companies are preparing for GDPR.

Continue Reading...

Posted in Open Source Security, Security Standards and Compliance | Comments Off on GDPR Readiness Summit: Preparing for May 2018