Software Security

Archive for the 'Application Security' Category

When should threat modeling take place in the SDLC?

So, your firm has one or two, maybe tens, or even hundreds of applications built and deployed. And now you want to create threat models for those applications. But, why? Let’s find out. Why create application threat models? To identify potential flaws that have been there since the applications were created. And then there are […]

Posted in Application Security, Threat Modeling

Synopsys report finds the medical device industry vulnerable to attack

In a new report, Synopsys found that 67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organization is likely to occur over the next 12 months. The Synopsys report, Medical Device Security: An Industry Under Attack and Unprepared to […]

Posted in Application Security, Medical Device Security

Fault Injection Podcast .001: Paging Dr. McCoy

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report from Synopsys and the Ponemon Institute on medical device security. You can always join […]

Posted in Application Security, Healthcare Security, Medical Device Security

Don’t fall victim to these 5 WannaCry ransomware misconceptions

With a technical story like WannaCry, there are bound to be some falsehoods spread as fact. As with any misconception, there is often a kernel of truth. More often though, the answer is more complicated than it first seems. Here are a few important falsehoods that have been circulating in the last 48 hours: WannaCry spreads via […]

Posted in Application Security, Data Breach

In the wake of WannaCry: What we now know and how to move forward

Last Friday, a piece of malware known as WannaCry (WanaCrypt0r 2.0/WCry) infected over 200,000 Windows-based machines in over 150 countries. What made this malware different was that it encrypted the hard drive, withholding the contents until the victim paid $300 in Bitcoin. While ransomware itself is not new, the rapid spread of WannaCry caught many people […]

Posted in Application Security, Data Breach

WannaCry ransomware attack takes the world by storm

On Friday, several organizations around the world fell victim to a wave of ransomware that swept the globe. Ransomware is malware that encrypts the hard drives of compromised machines until the owner makes full payment. Such attacks have been persistent but relatively quiet. Until now, ransomware had been confined to limited or one-off events. A […]

Posted in Application Security, Data Breach

Synopsys launches the Fault Injection Podcast

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. Hosts Chris Clark, Principal Security Engineer at Synopsys, and Robert Vamosi, CISSP and Security Strategist at Synopsys, provide a forum for industry experts to talk about software security topics and their intersection with specific verticals such as medical, automotive, and […]

Posted in Application Security, Ethical Hacking, Network Security, Software Security Testing, Web Application Security

DoublePulsar continues to expose older Windows boxes: What you need to know

A hacking tool leaked in April by a mysterious organization is attacking older Windows boxes, exposing gaps in organizational update and upgrade policies. One researcher estimates that between 100K and 200K boxes may already be compromised worldwide. What’s particularly interesting is that Microsoft issued a patch for the underlying vulnerabilities in March. Shadow Brokers Several […]

Posted in Application Security, Data Breach, Vulnerability Assessment

Is a career in application security consulting right for you?

In January 2016, Forbes announced that there were one million job openings in cyber security. The shortage of talent has continued to mount while demand is expected to increase to six million globally by 2019. You may be intrigued by the idea of security consulting but aren’t sure how to transition or break through. If […]

Posted in Application Security, Mobile Application Security, Web Application Security

What are the signs your web application has been hacked?

Your web application is the face of your business. It is the client-server software exposed to the world. For instance, when you want to book an airline ticket you visit the airline’s website to make the reservation. This public exposure and interaction is highly convenient to current and potential customers. However, it also makes your […]

Posted in Application Security, Data Breach