Software Integrity

Archive for the 'Fuzz Testing' Category

 

How to break car kits with Bluetooth fuzz testing

The habit of breaking things

When I was a child, I liked to break things to see how they were built. When I was older, I didn’t grow out of this habit. In fact, I joined a company with like-minded individuals. Now we don’t break things just for the sake of breaking them; we break […]

Posted in Automotive Security, Fuzz Testing

 

Debunking the top 5 Defensics fuzz testing myths

Written in coordination with Chris Clark, Defensics product manager.

Over the last year, we’ve noticed a rise in Defensics myths. Admittedly, this doesn’t surprise me. Myths abound in technology markets, where facts and figures often stand in contrast to conventional wisdom, and the fuzz testing market is a particularly challenging one to navigate. I suspect […]

Posted in Application Security, Fuzz Testing

 

Get the latest resource helping development teams overcome widespread challenges

Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because […]

Posted in Application Security, Dynamic Analysis (DAST), Fuzz Testing, Interactive Application Security Testing (IAST), Security Training, Software Quality, Static Analysis (SAST)

 

Navigating responsible vulnerability disclosure best practices

The definition of responsible vulnerability disclosure varies based on who you ask. Tech goliath Microsoft has openly disagreed with Google on this very topic, as outlined by The Verge. In the vulnerability management industry, discretion is key. Because we’re continuously handling vulnerabilities that can be used maliciously by black hats, there are widespread implications and […]

Posted in Application Security, Fuzz Testing, Security Risk Assessment, Software Security Testing, Vulnerability Assessment

 

How to proactively protect IoT devices from DDoS attacks

Last October, a distributed denial-of-service (DDoS) attack by the name of Mirai brought popular websites such as Netflix, Spotify, Twitter, SoundCloud, and more to their knees. Now, nearly a year later, Mirai is a distant memory, but we may not have seen the worst of Internet of Things (IoT) DDoS attacks. Security researchers at cyber […]

Posted in Application Security, Fuzz Testing

 

Synopsys finds 3 Linux kernel vulnerabilities

At Synopsys, our R&D teams routinely organize internal hackathons to verify the Synopsys Software Integrity Portfolio’s performance in real-world environments. During one hackathon, focused on open source software, Tuomas Haanpää, from the Synopsys Fuzz Testing (Defensics) R&D group, ran our NFSv3 test suite against the Linux kernel and found several interesting errors. Initial analysis found that anomalized […]

Posted in Application Security, Fuzz Testing, Open Source Security

 

What is the state of fuzz testing in 2017?

In a new report, Synopsys examines new insights into areas of software development where further testing remains. By analyzing over 4.8 billion protocol-based tests, the Synopsys State of Fuzzing 2017 report qualifies the relative levels of maturity in terms of quality and security across more than 250 protocols found in industry verticals such as industrial […]

Posted in Fuzz Testing

 

Fault Injection Podcast: Where the zero days are

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about the value of fuzz testing and the findings from a new report from Synopsys on the State […]

Posted in Fuzz Testing

 

Black Hat USA and DEF CON 2017: And that’s a wrap!

Another week of InfoSec in the desert is history. Black Hat USA started as the Black Hat Briefings in 1997, and has remained mostly corporate. It grew out of the hacker-friendly environment of DEF CON which started as a going away party for a friend of the founder, Jeff Moss, in 1993. Together, the two […]

Posted in Fuzz Testing, Internet of Things, Security Conference or Event

 

Zeroing in on zero day vulnerabilities

Earlier this month WikiLeaks announced it had in its possession a cache of zero days allegedly from the Central Intelligence Agency. These unpatched vulnerabilities, it said, could affect Apple and Android devices (including TVs). It is suspected that exploitation of these vulnerabilities could allow the spy agency – or anyone else who knows about them […]

Posted in Code Review, Embedded Software Testing, Fuzz Testing, Network Security, Software Security Testing, Static Analysis (SAST)