Software Integrity

Archive for the 'Application Security' Category

Meet Auntie MISRA

Seems we all have one: that distant aunt. You know the one I’m talking about. Always dressed to the nines. Always perfectly coiffured. Every detail just so. And that tiny Jack Russell that did tricks on command, never yapped (unless told to “speak”), and was always at her side, springing up to her lap when she pulled out […]

Posted in Application Security, Secure Coding Guidelines, Security Standards and Compliance

Devil’s Ivy security vulnerability leaves IoT devices at risk

A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other IoT devices) at risk. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw they’re calling “Devil’s Ivy.” Officially known as CVE-2017-9765, the vulnerability is a stack buffer overflow that, if successfully […]

Posted in Application Security, Data Breach, Featured, Internet of Things

How to reduce risk while saving on the cost of resolving security defects

Originally posted on SecurityWeek. 1. Shift Left. 2. Test earlier in the development cycle. 3. Catch flaws in design before they become vulnerabilities. These are all maxims you hear frequently in the discussion surrounding software security. If this is not your first visit to one of my columns it is certainly not the first time […]

Posted in Application Security, Maturity Model (BSIMM), Software Quality

Here’s how to dress for software integrity success at Black Hat USA 2017

Black Hat USA 2017 takes place from July 22-27 at Mandalay Bay in sunny Las Vegas! What’s Synopsys up to at Black Hat USA 2017? During the event, be sure to stop by booth #1132 to pick up a t-shirt. Who doesn’t love a free t-shirt, right?! If someone from the Synopsys team spots you […]

Posted in Application Security, Featured, Security Conference or Event

Is threat modeling compatible with Agile and DevSecOps?

Bryan Sullivan, a Security Program Manager at Microsoft, called threat modeling a “cornerstone of the SDL” during a Black Hat Conference presentation. He calls it a ‘cornerstone’ because a properly executed threat model: Finds architectural and design flaws that are difficult or impossible to detect through other methods. Identifies the most ‘at-risk’ components. Helps stakeholders […]

Posted in Agile Methodology, Application Security, DevOps

Building your DevSecOps pipeline: 5 essential activities

No matter what you call it, SecDevOps, DevSecOps, or DevOpsSec, you have to build security into your continuous integration, continuous delivery, and continuous deployment pipeline. This checklist will guide you through the DevSecOps journey—as we’ll call it within this checklist—to assure that you’re integrating security into your pipeline. Here, we’re going to look at each of […]

Posted in Application Security, DevOps, Software Security Testing, Vulnerability Assessment

Beyond WannaCry and NotPetya / Petya: What’s next for enterprises?

This week’s malware outbreak that removed computer data capabilities from large enterprises worldwide is now thought to have been designed to damage, not to earn profit. Therefore, it only masquerades as traditional ransomware. First seen on Tuesday, NotPetya/Petya is like last month’s WannaCry in that it displayed a ransom request of $300 in Bitcoin on […]

Posted in Application Security, Data Breach

Launching this August: Synopsys Software Integrity Community

We’re excited to announce the launch of the Synopsys Software Integrity Community this August. This is an opportunity for people like you, Synopsys users and tech enthusiasts alike, to come together on one platform to discuss software security and quality assurance. What are the goals of the community? Empower Synopsys users and security aficionados as […]

Posted in Application Security, Software Quality

PetrWrap/Petya ransomware spreading globally: Here’s what you need to know

Another round of ransomware (malware that encrypts the contents of a hard drive until a paid Bitcoin ransom unlocks them) is spreading globally. The new ransomware, known as PetrWrap/Petya, is similar to, and yet significantly different from, WannaCry. Unlike the previous attack, PetrWrap/Petya is a virus that spreads by spam campaigns using malicious Microsoft Word documents. Therefore, it […]

Posted in Application Security, Data Breach

OWASP Top 10—A7: Request for removal and replacement

Foreword by Jim Ivers, Vice President, Marketing, Synopsys Software Integrity Group. If you’re a software security professional, you’re probably familiar with the OWASP Top 10. Even if you aren’t in the AppSec trenches every day, you may have heard of it. It’s a widely referenced list of the 10 most critical web application security risks […]

Posted in Application Security