Software Integrity Blog

Author Archive

Jonathan Knudsen

jknudsen

Jonathan Knudsen likes to break things. He has tested all kinds of software, from network infrastructure and medical devices to cryptocurrency nodes. Jonathan has worked as a developer, consultant, and author. He has published books about 2D graphics, cryptography, and Lego robots, and has written more than one hundred articles on a wide range of technical subjects.


Posts by Jonathan Knudsen:

 

Tips for working from home without losing your marbles or compromising security

Our longtime remote employees have some tips for working from home to keep you sane, and your company’s assets secure, during a strange, stressful time.

Posted in Application Security

 

How to Cyber Security: Software is manufacturing

Modern software is a bit like manufacturing: gluing open source components together using proprietary code and tracking everything with a bill of materials.

Posted in Featured, Open Source Security, Software Composition Analysis (SCA)

 

How to Cyber Security: It’s all about developers, except when it’s not

To get security testing results in front of developers, who are in the best position to address them effectively, you need automation and integration.

Posted in Application Security, Developer Enablement

 

How to Cyber Security: A journey of a thousand miles

If you keep taking small steps toward cyber security, even if it seems nothing is happening, you’ll eventually get to a state where your risk is much lower.

Posted in Application Security, Software Security Program

 

How to Cyber Security: Software is critical infrastructure

Information technology is the fundamental sector on which all others depend. Software is critical infrastructure and deserves the same security investment.

Posted in Software Security Program

 

How to Cyber Security: Unicorns and donkeys

In a unicorn world, the cyber security group helps lift the organization and work security into all aspects of software development and operations.

Posted in Security Training & Awareness, Software Security Program

 

Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol

This is the second of two articles that describe how to use the Defensics SDK in fuzzing Bitcoin. In the previous article, you saw how to set up a test bed for bitcoind. We created two containers, alice and bob, and were able to set up communication between the two bitcoind instances. In this article, you’ll learn how to create a data model for the Bitcoin network protocol, then use this model in the Defensics SDK to perform fuzzing on bitcoind.

Posted in Developer Enablement, Fuzz Testing

 

Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

This is the first of two articles that describe how to use the Defensics SDK to fuzz Bitcoin software. Specifically, you will learn how to model one of the Bitcoin protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process.

Posted in Fuzz Testing

 

Synopsys at MIT Media Lab Hackathon

This past weekend, I had the pleasure of helping with the Security of Things event at the MIT Media Lab in Cambridge, Massachusetts. The purpose was to examine the security of Internet of Things (IoT) devices using Synopsys tools. The spirit of the event was a hackathon: let’s see what we can break in a couple of days!

Posted in Application Security