Software Integrity

Archive for the 'Application Security' Category

 

Office 365 email protection gets blindsided

Maybe you could call it two-factor fakery. Because the latest zero-day to plague Microsoft’s Office 365—a cloud-based service that includes Office 2016—was created by somebody who figured out that the way to get malicious emails past its security systems is to split a malicious link in two. Researchers at the security firm Avanan, who said […]

Continue Reading...

Posted in Application Security, Data Breach | No Comments »

 

OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting

Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up. Software Integrity Insight is your resource on the cyber security and open source security news that made headlines […]

Continue Reading...

Posted in Application Security, Blockchain Security, Containers, DevOps, Medical Device Security, Static Analysis (SAST) | No Comments »

 

Employees post passwords online, Hacking tool grants access to DVRs, and Blockchain

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Weekly Security Mashup episode. When employees post passwords online via Brian Krebs, security blogger – Krebsonsecurity.com – Hosts of companies using the online collaboration tool Trello.com share passwords for sensitive internal resources. New hacking tool lets […]

Continue Reading...

Posted in Application Security, Blockchain Security, Data Breach | No Comments »

 

Infographic: What’s with the security / DevOps disconnect?

Download infographic  

Continue Reading...

Posted in Application Security, CI/CD, DevOps | Comments Off on Infographic: What’s with the security / DevOps disconnect?

 

8 takeaways from NIST’s application container security guide

Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, the security risks associated with containerized software delivery has become a hot topic in DevOps. This puts the spotlight on operations teams […]

Continue Reading...

Posted in Application Security, Containers, DevOps | Comments Off on 8 takeaways from NIST’s application container security guide

 

Verizon DBIR puts security burden on users

The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security. The number of confirmed breaches—at least the ones reported by 67 contributors globally—was 2,216, among 53,308 “real-world incidents.” In […]

Continue Reading...

Posted in Application Security, Data Breach, Maturity Model (BSIMM), Vulnerability Assessment | Comments Off on Verizon DBIR puts security burden on users

 

RSA news, Israel shifts to open source, latest on TaskRabbit breach

RSA happened last week, and a ton of news—some gloomy, some encouraging—has come from the world’s largest cyber security conference. The Israeli government follows Great Britain, the U.S., and France and moves to open source. TaskRabbit pledges “more security” after a data breach, and nine things you can expect to have an impact on cyber […]

Continue Reading...

Posted in Application Security, Data Breach, DevOps, Open Source Security, Security Conference or Event | Comments Off on RSA news, Israel shifts to open source, latest on TaskRabbit breach

 

RSA day 2: Cloudy forecast with some sunny breaks

It was mostly sunny outside RSA Conference 2018 in San Francisco during the opening keynotes on Tuesday. Inside? Well, there were some sunny breaks, but plenty of clouds as well. It started sunny, when RSA president Rohit Ghai acknowledged the clouds but chose to focus on “Three Silver Linings.” “I’m not in denial,” he said. […]

Continue Reading...

Posted in Application Security, Security Conference or Event | Comments Off on RSA day 2: Cloudy forecast with some sunny breaks

 

Data breaches, SirenJack, and serverless apps vulns

It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and […]

Continue Reading...

Posted in Application Security, Containers, Data Breach, Internet of Things, Open Source Security | Comments Off on Data breaches, SirenJack, and serverless apps vulns

 

Webinar: DevSecOps best practices with Synopsys and GitHub

As firms consistently strive to become more agile, cloud and containers can help them build software faster and deliver continuously. At the same time, many firms fear that adding security to DevOps practices can severely slow down processes. With GitHub and Black Duck by Synopsys, firms can automate secure development workflows, shift security left, and […]

Continue Reading...

Posted in Application Security, Black Duck by Synopsys, DevOps, Open Source Security | Comments Off on Webinar: DevSecOps best practices with Synopsys and GitHub