Software Integrity

Archive for the 'Application Security' Category


Equifax breach: Catastrophic, but no game changer yet

This article was originally published in Forbes. I hate to say I told you so…well, actually, like most people, I love to say I told you so. I’m just willing to admit it. Because the state of software security a year after the catastrophic data breach of Equifax became public basically confirms what I wrote last October: […]


Posted in Application Security


Tesla key fob issues, Tor Browser zero-day woes, and you’ve got malware!

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Dude, don’t take my Tesla! Plus Tor Browser zero-day (already wiped away), and you’ve got malware (if you fall for it!). Watch this week’s episode […]


Posted in Application Security, Automotive Security, Weekly Security Mashup


Hacking Security Episode 1: What is Hacking Security?

Hacking Security is a monthly podcast on emerging trends in application security development. What is Hacking Security? Episode 1 covers how we came up with the name “Hacking Security.” Why did we decide on this name? Take five minutes to learn more, or read the transcript below. Follow Steve Giguere on Twitter. Read Steve Giguere’s […]


Posted in Application Security, Hacking Security


Let’s write a CodeXM checker (it’s not rocket science!)

All systems are go. We have liftoff. Let’s write some CodeXM. If you’ve read the previous two posts, you should come away with a sense that writing a CodeXM checker isn’t rocket science. Let’s put that to the test. In order to get this hands-on experience, you should have access to an installed version of […]


Posted in Application Security, Featured, Software Security Testing, Static Analysis (SAST)


What’s so special about zero-day vulnerabilities?

You may have heard about the zero-day vulnerability in the Tor Browser that was disclosed yesterday. It’s a big deal, and not just because of the ethics of buying and selling undisclosed vulnerabilities. Many people who use Tor Browser do so because of the privacy and security protections it offers—protections that the vulnerability had threatened […]


Posted in Application Security, Software Security Testing


Webinar: Using Security Champions to build a DevSecOps culture within your organization

Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software quickly. They’ve automated manual processes and built tools into continuous integration and continuous delivery (CI/CD) pipelines. In doing so, they’ve increased trust between groups, which is essential as these once-disparate teams tackle critical issues […]


Posted in Application Security, DevSecOps, Security Training


Fixing the CVE program, your personal data checking out and taking flight

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Fixing the CVE program, your personal data has already “checked out,” and it even “may potentially” have taken flight. Watch this week’s episode below to […]


Posted in Application Security, Mobile Application Security, Weekly Security Mashup


These hacks brought to you by ‘leaky’ APIs

“Leaky” is almost never a good thing. The whole idea, in just about any case, is to make things that don’t leak and to plug things that do. And that’s true of cyber security, as demonstrated by a couple of recent incidents involving leaky APIs (application programming interfaces). Hacked at Black Hat: A couple of […]


Posted in Application Security, Data Breach, Penetration Testing, Web Application Security


SamSam ransomware keeps striking—victims still unprepared

“You can pay (a little) now or you can pay (a lot) later” is a very old line—a pitch for oil filters almost 40 years ago. Unfortunately, it remains relevant in cyber security, especially when it comes to ransomware. And especially when that ransomware is the potent, pernicious SamSam. The “trade-off” is stark: You can […]


Posted in Application Security, Government Security


The intersection between IAST and SCA and why you need both in your security toolkit

Two powerful yet relatively new technologies in application security testing are interactive application security testing (IAST) and software composition analysis (SCA). IAST solutions are designed to help organizations identify and manage security risks associated with vulnerabilities discovered in running web applications using dynamic testing (a.k.a. runtime testing) techniques. SCA, a term coined by market analysts, […]


Posted in Application Security, Black Duck by Synopsys, DevSecOps, Interactive Application Security Testing (IAST), Software Composition Analysis