The habit of breaking things When I was a child, I liked to break things to see how they were built. When I was older, I didn’t grow out of this habit. In fact, I joined a company with like-minded individuals. Now we don’t break things just for the sake of breaking them; we break […]
Posted in Automotive Security, Fuzz Testing | Comments Off on How to break car kits with Bluetooth fuzz testing
Written in coordination with Chris Clark, Defensics product manager Over the last year, we’ve noticed a rise in Defensics myths. Admittedly, this doesn’t surprise me. Myths abound in technology markets, where facts and figures often stand in contrast to conventional wisdom, and the fuzz testing market is a particularly challenging one to navigate. I suspect […]
Posted in Application Security, Fuzz Testing | Comments Off on Debunking the top 5 Defensics fuzz testing myths
Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because […]
Posted in Application Security, Dynamic Analysis (DAST), Fuzz Testing, Interactive Application Security Testing (IAST), Security Training, Software Quality, Static Analysis (SAST) | Comments Off on Get the latest resource helping development teams overcome widespread challenges
The definition of responsible vulnerability disclosure varies based on who you ask. Tech goliath Microsoft has openly disagreed with Google on this very topic, as outlined by The Verge. In the vulnerability management industry, discretion is key. Because we’re continuously handling vulnerabilities that can be used maliciously by black hats, there are widespread implications and […]
Posted in Application Security, Fuzz Testing, Security Risk Assessment, Software Security Testing, Vulnerability Assessment | Comments Off on Navigating responsible vulnerability disclosure best practices
Last October, a distributed denial-of-service (DDoS) attack by the name of Mirai brought popular websites such as Netflix, Spotify, Twitter, SoundCloud, and more to their knees. Now, nearly a year later, Mirai is a distant memory, but we may not have seen the worst of Internet of Things (IoT) DDoS attacks. Security researchers at cyber […]
Posted in Application Security, Fuzz Testing | Comments Off on How to proactively protect IoT devices from DDoS attacks
At Synopsys, our R&D teams routinely organize internal hackathons to verify the Synopsys Software Integrity Portfolio’s performance in real-world environments. During one hackthon, focused on open source software, Tuomas Haanpää, from the Synopsys Fuzz Testing (Defensics) R&D group, ran our NFSv3 test suite against the Linux kernel and found several interesting errors. Initial analysis found that anomalized […]
Posted in Application Security, Fuzz Testing, Open Source Security | Comments Off on Synopsys finds 3 Linux kernel vulnerabilities
In a new report, Synopsys examines new insights into areas of software development where further testing remains. By analyzing over 4.8 billion protocol-based tests, the Synopsys State of Fuzzing 2017 report qualifies the relative levels of maturity in terms of quality and security across more than 250 protocols found in industry verticals such as industrial […]
Posted in Fuzz Testing | Comments Off on What is the state of fuzz testing in 2017?
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about the value of fuzz testing and the findings from a new report from Synopsys on the State […]
Posted in Fuzz Testing | Comments Off on Fault Injection Podcast: Where the zero days are
Another week of InfoSec in the desert is history. Black Hat USA started as the Black Hat Briefings in 1997, and has remained mostly corporate. It grew out of the hacker-friendly environment of DEF CON which started as a going away party for a friend of the founder, Jeff Moss, in 1993. Together, the two […]
Posted in Fuzz Testing, Internet of Things, Security Conference or Event | Comments Off on Black Hat USA and DEF CON 2017: And that’s a wrap!
Earlier this month WikiLeaks announced it had in its possession a cache of zero days allegedly from the Central Intelligence Agency. These unpatched vulnerabilities, it said, could affect Apple and Android devices (including TVs). It is suspected that exploitation of these vulnerabilities could allow the spy agency – or anyone else who knows about them […]
Posted in Code Review, Embedded Software Testing, Fuzz Testing, Network Security, Software Security Testing, Static Analysis (SAST) | Comments Off on Zeroing in on zero day vulnerabilities