Software Integrity

Archive for the 'Application Security' Category

Top security breaches of 2017 (+2018 cyber security predictions)

The year 2017 broke records for the number of reported security vulnerabilities in software. We also saw one of the worst data breaches ever in terms of impact. Let’s look back at some of the security news from 2017.

Record number of vulnerabilities

The number of publicly disclosed vulnerabilities in 2017 far exceeds the number […]

Posted in Application Security, Data Breach, Featured

Infographic: Set the course for developers to navigate software security

Synopsys recently conducted a survey of 274 respondents to identify the role that security plays within organizational development teams. Participants represented a variety of job functions, including software developers, software engineers, quality assurance, software security, and audit/compliance team members. Responses are equally represented for companies under 1,000 employees and companies with 1,000+ employees. Here are […]

Posted in Application Security, Featured, Infographic, Secure Coding Guidelines

Synopsys named a leader in static application security testing

We’re proud to announce that Synopsys has been positioned as a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017. The in-depth report evaluates the 10 most significant vendors in static application security testing (SAST), assessing their strengths and weaknesses across 29 criteria in three categories. Synopsys Static Analysis (Coverity) is the highest-ranked […]

Posted in Application Security, Featured, Static Analysis (SAST)

Synopsys strengthens Software Integrity Platform with Black Duck acquisition

Today, Synopsys completed the acquisition of Black Duck Software, a well-respected, established leader in Software Composition Analysis (SCA), which helps organizations identify open source components in their software and check those components for known security vulnerabilities. The two companies are strategically aligned, with a shared vision of building security and quality into the software development […]

Posted in Application Security, Open Source Security

PayPal uncovers TIO Networks data breach affecting 1.6 million users

In July 2017, PayPal completed its acquisition of TIO Networks for $238 million. TIO Networks, a multichannel payment processor, serves over 16 million consumer bill pay accounts and offers solutions for payment services to financially underserved consumers and consumer services. Fast-forward to Nov. 10, 2017, when PayPal announced the suspension of TIO Networks’ operations due […]

Posted in Application Security, Data Breach, Vendor Risk Management

Research reveals customer-facing web and mobile apps as top security challenge

A new Synopsys survey reveals that customer-facing web and mobile applications are the top security challenge for IT professionals in Asia. From Sept. 19 to 21, 2017, Synopsys conducted a survey at Singapore International Cyber Week (SICW), the region’s most established cyber security event. We spoke to 244 C-level IT professionals, managers, and executives in […]

Posted in Application Security, Mobile Application Security, Web Application Security

Navigating responsible vulnerability disclosure best practices

The definition of responsible vulnerability disclosure varies based on who you ask. Tech goliath Microsoft has openly disagreed with Google on this very topic, as outlined by The Verge. In the vulnerability management industry, discretion is key. Because we’re continuously handling vulnerabilities that can be used maliciously by black hats, there are widespread implications and […]

Posted in Application Security, Fuzz Testing, Security Risk Assessment, Software Security Testing, Vulnerability Assessment

Attacks on TLS vulnerabilities: Heartbleed and beyond

Over the past few years, we’ve seen a variety of TLS vulnerabilities steadily surface. In general, we brand each one as “just another TLS vulnerability,” but the intricacies of each are rather distinct, though not horribly convoluted. Let’s walk through a few together.

2014: Heartbleed and POODLE

Heartbleed affects the OpenSSL library’s implementation of a […]

Posted in Application Security, Vulnerability Assessment

Demystifying Android’s SafetyNet Attestation at Black Hat Europe 2017

Many app developers have questions like “Is the device my app runs on reliable? Is it trustworthy? Could it be ‘rooted’?” Answering questions such as these can be difficult. In an area traditionally dominated by root detection products and DIY techniques, Google attempts to respond to this request: “OK Google, what do you think about […]

Posted in Application Security, Mobile Application Security

What are the top Black Friday cyber security concerns of 2017?

In anticipation of Black Friday, we want to help spread awareness of potential security concerns affecting people who either buy or sell products or services through digital means. There are many scams that fraudsters attempt when targeting victims online. Falling for a scam can be as simple as clicking on an email link or visiting […]

Posted in Application Security