Software Integrity Blog

Archive for the 'Developer Enablement' Category

 

[Webinars] DevOps, security tool abuse, Coverity and Threadfix

Practice DevSecOps with automated continuous testing, defend your apps from security tool misuse, and learn how Coverity and ThreadFix enable developers.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Developer Enablement, Webinars | Comments Off on [Webinars] DevOps, security tool abuse, Coverity and Threadfix

 

How to teach developers secure coding without slowing them down

Secure coding training isn’t required in most computer science programs. How can you fill the gaps in your developers’ education without slowing them down?

Continue Reading...

Posted in Agile, CI/CD & DevOps, Developer Enablement, Security Training | Comments Off on How to teach developers secure coding without slowing them down

 

[Webinars] Software audits for M&A and secure programming

Bring more value to your M&A clients with software audits, and learn how to build a culture of secure programming in your organization in our new webinars.

Continue Reading...

Posted in Developer Enablement, Mergers & Acquisitions, Webinars | Comments Off on [Webinars] Software audits for M&A and secure programming

 

[Webinars] Tech due diligence and AppSec tools for developers

Learn how to manage your software asset risk in tech due diligence, and discover AppSec tools and techniques to enable your developers to build security in.

Continue Reading...

Posted in Developer Enablement, Mergers & Acquisitions, Webinars | Comments Off on [Webinars] Tech due diligence and AppSec tools for developers

 

Why dependencies matter for SAST

How do static analyzers manage code dependencies? There are many ways, but the best static analyzers take a hybrid approach to dependency analysis.

Continue Reading...

Posted in Developer Enablement, Static Analysis (SAST) | Comments Off on Why dependencies matter for SAST

 

Hacking Security Episode 4: DevSecOps with Meera Rao

Hacking Security is a monthly podcast on emerging trends in application security. In Episode 4, secure development expert Meera Rao discusses DevSecOps.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Developer Enablement | Comments Off on Hacking Security Episode 4: DevSecOps with Meera Rao

 

How to get cloud security training for your team

To give your team the latest cloud security training, you need a fixed core curriculum and the flexibility to customize cloud training to each person’s needs.

Continue Reading...

Posted in Cloud Security, Developer Enablement, Security Training, Webinars | Comments Off on How to get cloud security training for your team

 

Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol

This is the second of two articles that describe how to use the Defensics SDK in fuzzing Bitcoin. In the previous article, you saw how to set up a test bed for bitcoind. We created two containers, alice and bob, and were able to set up communication between the two bitcoind instances. In this article, you’ll learn how to create a data model for the Bitcoin network protocol, then use this model in the Defensics SDK to perform fuzzing on bitcoind.

Continue Reading...

Posted in Developer Enablement, Fuzz Testing | Comments Off on Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol

 

Tineola: Taking a bite out of enterprise blockchain

Parsia Hakimian and Stark Riedesel presented Tineola at DEF CON 26

Continue Reading...

Posted in Developer Enablement, General | Comments Off on Tineola: Taking a bite out of enterprise blockchain

 

Cracking XenForo corpuses: An unsupported sha256(sha256($pass).$salt) hash type

A list that recently hit Hashes.org, with 1 million records and a low crack rate, looked like an interesting target, given that the community had recovered less than 0.5% of the hashes. On taking a closer look, we quickly found out why:

Continue Reading...

Posted in Developer Enablement | Comments Off on Cracking XenForo corpuses: An unsupported sha256(sha256($pass).$salt) hash type