Software Integrity Blog

Archive for the 'Fuzz Testing' Category

 

What is the state of fuzz testing in 2017?

In a new report, Synopsys examines new insights into areas of software development where further testing remains. By analyzing over 4.8 billion protocol-based tests, the Synopsys State of Fuzzing 2017 report qualifies the relative levels of maturity in terms of quality and security across more than 250 protocols found in industry verticals such as industrial […]

Continue Reading...

Posted in Fuzz Testing

 

Fault Injection Podcast: Where the zero days are

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about the value of fuzz testing and the findings from a new report from Synopsys on the State […]

Continue Reading...

Posted in Fuzz Testing, Podcasts

 

Black Hat USA and DEF CON 2017: And that’s a wrap!

Another week of InfoSec in the desert is history. Black Hat USA started as the Black Hat Briefings in 1997, and has remained mostly corporate. It grew out of the hacker-friendly environment of DEF CON which started as a going away party for a friend of the founder, Jeff Moss, in 1993. Together, the two […]

Continue Reading...

Posted in Fuzz Testing, Internet of Things, Webinars

 

Zeroing in on zero day vulnerabilities

Earlier this month WikiLeaks announced it had in its possession a cache of zero days allegedly from the Central Intelligence Agency. These unpatched vulnerabilities, it said, could affect Apple and Android devices (including TVs). It is suspected that exploitation of these vulnerabilities could allow the spy agency – or anyone else who knows about them […]

Continue Reading...

Posted in Fuzz Testing, Static Analysis (SAST)

 

With comparisons to Heartbleed, Cloudbleed may affect millions

A researcher from Google disclosed on Thursday that private messages, API keys, and other sensitive data were being leaked by a major content delivery network to random requesters, a leakage that could affect up to 5.5 million websites. Like Heartbleed, which was co-discovered by the Synopsys team in Oulu, Finland, and Google in April 2014, […]

Continue Reading...

Posted in Cloud Security, Fuzz Testing, Software Architecture and Design

 

Bug elimination: Code scanning, fuzzing, and composition analysis

When it comes to software vulnerabilities, Dr. Jared DeMott knows his stuff. Formerly a vulnerability analyst with the National Security Agency (NSA), Dr. DeMott holds a Ph.D. from Michigan State University. He has been on three winning DEF CON capture-the-flag (CTF) teams and talks about his vulnerability research at conferences like DerbyCon, Black Hat, ToorCon, […]

Continue Reading...

Posted in Fuzz Testing, Software Composition Analysis, Static Analysis (SAST), Web Application Security

 

Ticketbleed: The next black swan

Last week a researcher disclosed a software vulnerability in a feature of the TLS/SSL stack that allowed a remote attacker to extract sensitive information. Sound familiar? In 2014, the Heartbleed vulnerability in the OpenSSL implementation of the heartbeat function in SSL affected some 600,000 websites worldwide and risked exposing passwords and other private keys. Ticketbleed, […]

Continue Reading...

Posted in Fuzz Testing, Software Composition Analysis

 

Synopsys finds Bluetooth memory vulnerability in macOS/OS X

On Tuesday, researchers at Synopsys were credited in an Apple Update with finding a Bluetooth memory vulnerability in its operating system. The Cupertino-based computer company disclosed a memory corruption issue as one of three affecting its Bluetooth stack. The effect of this specific unpatched vulnerability is that an application may be able to execute arbitrary […]

Continue Reading...

Posted in Fuzz Testing, Software Architecture and Design

 

New study finds static analysis and fuzz testing from Synopsys can save millions in remediation costs

By integrating testing early in the software development lifecycle, organizations may realize a high ROI. Earlier this year, Synopsys commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) case study for an organization deploying Coverity, a static code analysis solution, and Defensics, an intelligent fuzzing solution. The goal of Forrester’s independent TEI study was […]

Continue Reading...

Posted in Fuzz Testing, Static Analysis (SAST)

 

Podcast: Billy Rios on the good and the bad of Heartbleed, Part 1

Two years after its disclosure, the vulnerability in OpenSSL known as Heartbleed remains significant. There are valuable lessons still to be learned both about how the vulnerability was initially discovered and how the security community has responded over time. This week my guest is Billy Rios, founder of WhiteScope, an embedded security company. In April […]

Continue Reading...

Posted in Fuzz Testing, Internet of Things, Open Source Security