Jonathan Knudsen likes to break things. He has tested all kinds of software, from network infrastructure and medical devices to cryptocurrency nodes. Jonathan has worked as a developer, consultant, and author. He has published books about 2D graphics, cryptography, and Lego robots, and has written more than one hundred articles on a wide range of technical subjects.
Our longtime remote employees have some tips for working from home to keep you sane, and your company’s assets secure, during a strange, stressful time.
Posted in Application Security | Comments Off on Tips for working from home without losing your marbles or compromising security
Modern software is a bit like manufacturing: gluing open source components together using proprietary code and tracking everything with a bill of materials.
Posted in Featured, Open Source Security, Software Composition Analysis (SCA) | Comments Off on How to Cyber Security: Software is manufacturing
To get security testing results in front of developers, who are in the best position to address them effectively, you need automation and integration.
Posted in Application Security, Developer Enablement | Comments Off on How to Cyber Security: It’s all about developers, except when it’s not
If you keep taking small steps toward cyber security, even if it seems nothing is happening, you’ll eventually get to a state where your risk is much lower.
Posted in Application Security, Software Security Program | Comments Off on How to Cyber Security: A journey of a thousand miles
Information technology is the fundamental sector on which all others depend. Software is critical infrastructure and deserves the same security investment.
Posted in Software Security Program | Comments Off on How to Cyber Security: Software is critical infrastructure
In a unicorn world, the cyber security group helps lift the organization and work security into all aspects of software development and operations.
Posted in Security Training & Awareness, Software Security Program | Comments Off on How to Cyber Security: Unicorns and donkeys
This is the second of two articles that describe how to use the Defensics SDK in fuzzing Bitcoin. In the previous article, you saw how to set up a test bed for bitcoind. We created two containers, alice and bob, and were able to set up communication between the two bitcoind instances. In this article, you’ll learn how to create a data model for the Bitcoin network protocol, then use this model in the Defensics SDK to perform fuzzing on bitcoind.
Posted in Developer Enablement, Fuzz Testing | Comments Off on Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol
This is the first of two articles that describe how to use the Defensics SDK to fuzz Bitcoin software. Specifically, you will learn how to model one of the Bitcoin protocol messages and use the Defensics SDK to perform fuzzing on the bitcoind process.
Posted in Fuzz Testing | Comments Off on Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network
This past weekend, I had the pleasure of helping with the Security of Things event at the MIT Media Lab in Cambridge, Massachusetts. The purpose was to examine the security of Internet of Things (IoT) devices using Synopsys tools. The spirit of the event was a hackathon: let’s see what we can break in a couple of days!
Posted in Application Security | Comments Off on Synopsys at MIT Media Lab Hackathon
