Software Integrity

Archive for the 'Application Security' Category

 

KRACK: Examining the WPA2 protocol flaw and what it means for your business

WPA2? The weekend of Friday the 13th took a frightening turn—even for those of us who aren’t superstitious—when detrimental weaknesses were discovered in Wi-Fi Protected Access II (WPA2), the protocol responsible for securing Wi-Fi networks. WPA2 was first made available back in 2004 and has been required on all Wi-Fi branded devices since March 2006. […]

Posted in Application Security, Data Breach, Software Quality, Vulnerability Assessment

 

ROCA: Cryptographic flaws in BitLocker, Secure Boot, and millions of smartcards

What happened and what can we learn? There’s been some very big news in the cryptographic world this week. So far, several technology news sites have highlighted the impact of a new vulnerability on Estonian and Slovakian smartcards, but the reach of this vulnerability is far wider than that. Five security researchers have just announced […]

Posted in Application Security, Cryptography, Data Breach

 

How do Security Champions enable an AppSec culture?

What are Security Champions? Security Champions are developers who have a direct impact on the resiliency and security of their firm’s software. They are enthusiastic volunteers willing to participate in advanced software security training to perform an important role. They are also a part of a greater community of Champions exchanging ideas and techniques. Since […]

Posted in Application Security

 

What are the different types of software testing?

Most of us use the internet on a daily basis. As the number of internet users continues to grow, more personal and sensitive information is collected—information that firms need to protect. From online banking and ordering food, to calling a cab, paying bills, and booking hotels, our lives are highly plugged-in. With this, the onus is […]

Posted in Application Security, Featured, Software Security Testing

 

Key findings on proactive application security

As you’re probably well aware, application security is a major issue among software developers and users. After all, a breach caused by an overlooked issue, as was the case for Equifax’s recent attack, can impact millions around the globe. The rise of high-profile ransomware and DDoS attacks is causing more and more developers to realize […]

Posted in Application Security

 

Silver Bullet Podcast celebrates women in cyber security

Over the past year, Synopsys’ Gary McGraw has hosted 12 women making an impact on the security industry in his monthly Silver Bullet Security Podcast. The podcast features in-depth conversations with security gurus. Past guests include technologists, academics, business leaders, and government officials. A year ago, McGraw set out to focus his efforts on finding […]

Posted in Application Security

 

How to implement security measures without negatively affecting software quality

Over the past decade, most organizations have established a well-oiled process for software development and maintenance. We refer to this as the software development life cycle (SDLC). However, advancing security threats relating to insecure software have brought the focus to security implementation within the SDLC without hampering quality. Let’s examine a few strategies to implement security […]

Posted in Application Security, Software Development Life Cycle (SDLC), Software Quality, Software Security Testing

 

3 ways to build a recruiting culture in the AppSec industry

I am often posed the question, how do you manage to staff security professionals in such a competitive market? Our team has even been asked to help top-tier clients fill their own internal vacancies. So what makes us effective? Secure executive support It is very common for recruiting departments to be treated as administrative support […]

Posted in Application Security

 

Fault Injection Podcast: Sammy Migues introduces BSIMM8

Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Sammy Migues, principal scientist here at Synopsys, about the new Building Security In Maturity Model (BSIMM) 8 report. You […]

Posted in Application Security, Maturity Model (BSIMM)

 

Why do companies need a software security program?

The information technology sector is one of the world’s fastest growing industries. In fact, the rate at which software and software products are evolving is many times greater when compared to the rate at which software security is evolving. In an age of cybercrime, some of the most widespread cyber-based crimes include: Stealing information via […]

Posted in Application Security, Data Breach, Software Security Program Development