Sorry, not available in this language yet

Build Security into DevOps

You don’t have to compromise development velocity to build secure software. Read articles from Synopsys cyber security experts about implementing security measures throughout the software development life cycle to streamline development and release secure, high-quality software.

194

Stories

Writers

Top Writers

Synopsys Editorial Team

Jonathan Knudsen

Taylor Armerding

Last Published

Apr 30, 2024/3 min read

Accelerate application code fixes with AI-powered Polaris Assist

By Corey Hamilton

Tags: Artificial Intelligence, Software Integrity, Security News & Trends, Build Security into DevOps

Apr 17, 2024/3 min read

Understanding Python pickling and how to use it securely

By Ashutosh Agrawal

Tags: Build Security into DevOps, Training

Mar 31, 2024/8 min read

How to detect, prevent, and mitigate buffer overflow attacks

By Natalie Lightner

Tags: Software Integrity, Build Security into DevOps, SAST

Mar 27, 2024/4 min read

4 approaches to vulnerability remediation

By Natalie Lightner

Tags: SCA, Build Security into DevOps, Training, Manage Security Risks

Mar 24, 2024/5 min read

Top 4 software development methodologies

By Mike McGuire

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, DevSecOps

Mar 19, 2024/3 min read

Introducing fAST Dynamic: Streamlining dynamic application security testing

By Vishrut Iyengar

Tags: DAST, Software Integrity, Security News & Trends, Build Security into DevOps

Mar 18, 2024/8 min read

Six Python security best practices for developers

By Boris Cipot

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, Training

Mar 18, 2024/3 min read

SAST vs. DAST: What’s the best method for application security testing?

By Apoorva Phadke

Tags: DAST, Software Integrity, Build Security into DevOps, SAST, Web AppSec

Mar 04, 2024/4 min read

The Synopsys integrated DevSecOps playbook: Steps for successful DevSecOps

By Steven Zimmerman

Tags: Software Integrity, Build Security into DevOps, DevSecOps

Feb 21, 2024/1 min read

The cybersecurity landscape - A discussion of future state and AI with Dr. Lisa Bradley

By Sammy Migues

Tags: Artificial Intelligence, Software Integrity, Build Security into DevOps, DevSecOps

Feb 21, 2024/3 min read

Navigating complexity in AppSec

By Charlotte Freeman

Tags: Artificial Intelligence, Software Integrity, Build Security into DevOps

Feb 13, 2024/2 min read

DevSecOps best practices

By Steven Zimmerman

Tags: Software Integrity, Build Security into DevOps, DevSecOps

Feb 07, 2024/3 min read

Container security essentials

By Charlotte Freeman

Tags: Software Integrity, Build Security into DevOps, Cloud Security, Container Security

Feb 07, 2024/2 min read

AppSec Decoded: How to implement security in DevOps

By Steven Zimmerman

Tags: Software Integrity, Build Security into DevOps, DevSecOps

Nov 27, 2023/4 min read

Consolidate security tools and vendors to enhance risk management

By Shandra Gemmiti

Tags: Software Integrity, Build Security into DevOps, Manage Security Risks

Nov 21, 2023/5 min read

Audited vs. automated: What your automated open source tool isn't seeing

By Susan Miller, Don Mulrenan, Rich Kosinski

Tags: SCA, M&A, Software Integrity, Build Security into DevOps, OSS License Compliance

Nov 14, 2023/4 min read

Why cross-site scripting still matters

By Charlotte Freeman

Tags: Software Integrity, Program Strategy & Planning, Build Security into DevOps, AppSec Best Practices, Web AppSec, Manage Security Risks

Oct 30, 2023/6 min read

Secure cloud-native apps and APIs at the speed your business demands

By Kimm Yeo

Tags: Software Integrity, Build Security into DevOps, IAST, Cloud Security, Manage Security Risks

Sep 19, 2023/4 min read

Automate security: DevOps integrations for risk detection and remediation

By Charlotte Freeman

Tags: Software Integrity, Build Security into DevOps, DevSecOps

Sep 18, 2023/5 min read

National Coding Week: Closing the skills gap with secure code training

By Taylor Armerding

Tags: Software Integrity, Build Security into DevOps, Training, DevSecOps

Sep 07, 2023/5 min read

How to safeguard your AI ecosystem: The imperative of AI/ML security assessments

By John Waller

Tags: Artificial Intelligence, Software Integrity, Build Security into DevOps, DevSecOps

Aug 31, 2023/5 min read

What capabilities are critical to the success of your AppSec program?

By Patrick Carey

Tags: Software Integrity, Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Manage Security Risks

Aug 24, 2023/7 min read

How to make the future IoT more secure

By Taylor Armerding

Tags: Software Integrity, Build Security into DevOps, Pen Testing, Training, Internet of Things

Jun 27, 2023/8 min read

Creating a well-rounded Microsoft 365 security program

By John Waller

Tags: Software Integrity, Build Security into DevOps, Cloud Security

May 24, 2023/1 min read

AppSec Decoded: Easy to scale with Polaris

By Synopsys Editorial Staff

Tags: Software Integrity, Build Security into DevOps, DevSecOps

May 22, 2023/3 min read

Synopsys named a Leader in the 2023 Gartner® Magic Quadrant™ for Application Security Testing for the seventh year

By Jason Schmitt

Tags: Software Integrity, Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Manage Security Risks

May 17, 2023/4 min read

Detection strategies to unmask the source of malicious code

By Natalie Lightner

Tags: Software Integrity, Build Security into DevOps

Apr 12, 2023/5 min read

Improving cloud security posture with infrastructure-as-code

By Monika Chakraborty

Tags: Software Integrity, Build Security into DevOps, IAST, Cloud Security

Apr 11, 2023/5 min read

What pen testing can tell you about the health of your SDLC

By Charlotte Freeman

Tags: Software Integrity, Build Security into DevOps, Pen Testing

Mar 22, 2023/5 min read

Production-safe DAST: Your secret weapon against threat actors

By Vishrut Iyengar

Tags: DAST, Software Integrity, Build Security into DevOps

Mar 19, 2023/6 min read

Automate your DevSecOps to take the pressure off triage

By Steven Zimmerman

Tags: Software Integrity, Build Security into DevOps, DevSecOps

Mar 15, 2023/7 min read

AppSec Decoded: Continuous AppSec testing in DevSecOps with Seeker IAST

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, IAST, DevSecOps

Feb 13, 2023/1 min read

OWASP Top 10: Cryptographic failures

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Build Security into DevOps, CyRC, Web AppSec

Jan 19, 2023/1 min read

OWASP Top 10: Broken access control

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Build Security into DevOps, CyRC

Jan 17, 2023/8 min read

Finding hard-coded secrets before you suffer a breach

By Ksenia Peguero

Tags: SCA, Software Integrity, Build Security into DevOps, IAST, SAST

Jan 04, 2023/8 min read

How to choose React Native libraries for secure mobile application development

By Vineeta Sangaraju

Tags: Software Integrity, Build Security into DevOps, Mobile, SAST

Jan 01, 2023/1 min read

Cybersecurity Research Center Developer Series: The OWASP Top 10

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Build Security into DevOps, CyRC, Training

Dec 14, 2022/4 min read

Automating web security testing within your DevOps pipelines

By Charlotte Freeman

Tags: Software Integrity, Build Security into DevOps, IAST, DevSecOps

Dec 06, 2022/5 min read

What is the cost of poor software quality in the U.S.?

By Mike McGuire

Tags: SCA, Software Integrity, Security News & Trends, Build Security into DevOps

Nov 09, 2022/11 min read

JavaScript security best practices for securing your applications

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, Training

Nov 08, 2022/5 min read

Scalable SAST and SCA in a single solution with Polaris fAST services

By Patrick Carey

Tags: SCA, Software Integrity, Build Security into DevOps, DevSecOps, SAST, Manage Security Risks

Nov 04, 2022/3 min read

Defensics adds gRPC support for distributed web and mobile application security testing

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Build Security into DevOps, Mobile, Web AppSec

Oct 31, 2022/4 min read

Synopsys introduces GitHub Actions integration for developers

By Steven Zimmerman

Tags: Software Integrity, Build Security into DevOps, DevSecOps

Oct 16, 2022/2 min read

Real-time OWASP vulnerabilities as you code with Code Sight and Rapid Scan Static

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, SAST

Oct 03, 2022/4 min read

IDE-based application security for developers in IntelliJ

By Steven Zimmerman

Tags: SCA, Software Integrity, Build Security into DevOps, DevSecOps, SAST

Aug 26, 2022/4 min read

What I wish I knew about security when I started programming

By Allon Mureinik

Tags: Software Integrity, Build Security into DevOps, Training

Aug 23, 2022/7 min read

API authentication and authorization best practices

By Charlotte Freeman

Tags: Software Integrity, Build Security into DevOps, Secure the Software Supply Chain, AppSec Best Practices, Manage Security Risks

Jul 29, 2022/2 min read

Introducing IaC Security from Black Duck

By Natalie Lightner

Tags: SCA, Software Integrity, Build Security into DevOps

Jul 18, 2022/1 min read

AppSec Decoded: Application security orchestration and correlation

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, DevSecOps, Manage Security Risks, Orchestration & Correlation

Jul 05, 2022/5 min read

OWASP API Security Top 10: Security risks that should be on your radar

By Charlotte Freeman

Tags: Software Integrity, Build Security into DevOps, Manage Security Risks

Jun 26, 2022/6 min read

Celebrating one year of Rapid Scan Static

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, SAST, Web AppSec, Manage Security Risks

Jun 09, 2022/1 min read

AppSec Decoded: Security at the speed of DevOps

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Manage Security Risks, Orchestration & Correlation

May 23, 2022/8 min read

CyRC Case Study: Securing BIND 9

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Security into DevOps, CyRC, SAST

May 17, 2022/2 min read

Building security into existing source code management workflows

By James Rabon

Tags: Software Integrity, Build Security into DevOps, DevSecOps, Orchestration & Correlation

May 12, 2022/3 min read

Two-factor authentication misconfiguration bypass

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Web AppSec, Internet of Things

Feb 09, 2022/4 min read

Code Sight Standard Edition: Application security optimized for the needs of developers

By Raj Kesarapalli

Tags: SCA, Software Integrity, Security News & Trends, Build Security into DevOps, DevSecOps, SAST

Feb 09, 2022/4 min read

How to cybersecurity: Gravity is a harsh mistress

By Jonathan Knudsen

Tags: Software Integrity, Build Security into DevOps, DevSecOps, Manage Security Risks

Jan 31, 2022/1 min read

AppSec Decoded: Building security into DevSecOps

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, DevSecOps

Jan 18, 2022/6 min read

Five Cryptography best practices for developers

By Charlotte Freeman

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, Training

Dec 08, 2021/5 min read

Safety Detectives interview with Tim Mackey

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Manage Security Risks

Nov 01, 2021/3 min read

Top seven logging and monitoring best practices

By Ashutosh Rana

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, Training

Oct 16, 2021/7 min read

Top 10 Spring Security best practices for Java developers

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, Web AppSec

Sep 14, 2021/1 min read

A new approach to AppSec

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Manage Security Risks, Orchestration & Correlation

Aug 19, 2021/6 min read

Reflections on trusting plugins: Backdooring Jenkins builds

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps

Aug 09, 2021/2 min read

Why penetration testing needs to be part of your IoT security

By Debrup Ghosh

Tags: Software Integrity, Build Security into DevOps, Pen Testing

Aug 08, 2021/5 min read

Keep infrastructure as code secure with Synopsys

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, SAST

Aug 03, 2021/5 min read

How to run your CodeXM checker

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Training, SAST

Jul 28, 2021/1 min read

AppSec Decoded: New executive order changes dynamic of software security standards

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Compliance, Manage Security Risks, Public Sector

Jul 27, 2021/2 min read

Build developer trust with faster, accurate AppSec testing from Rapid Scan

By Scott Johnson

Tags: SCA, Agile, CI/CD, Software Integrity, Build Security into DevOps, SAST

Jul 21, 2021/2 min read

Shift even further left with blazing-fast Rapid Scan SAST

By Anna Chiang

Tags: Software Integrity, Build Security into DevOps, SAST

Jul 19, 2021/4 min read

Practical solutions for a secure automotive software development process following ISO/SAE 21434

By Dr. Dennis Kengo Oka

Tags: Software Integrity, Build Security into DevOps, Compliance, Automotive

Jul 08, 2021/3 min read

Getting started with writing checkers using CodeXM

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, SAST

Jun 29, 2021/2 min read

Optimizing software composition analysis for developer workflows with Black Duck Rapid Scan

By Mike McGuire

Tags: SCA, Software Integrity, Build Security into DevOps

Jun 28, 2021/3 min read

How to cyber security: Embedding security into every phase of the SDLC

By Jonathan Knudsen

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps

Jun 10, 2021/6 min read

How to achieve MISRA and AUTOSAR coding compliance

By Dr. Dennis Kengo Oka

Tags: Software Integrity, Build Security into DevOps, Compliance, Automotive

Jun 05, 2021/3 min read

Web application security testing at scale with Coverity SAST

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, SAST, Web AppSec, Manage Security Risks

May 06, 2021/8 min read

Top 10 DevSecOps best practices for building secure software

By Sneha Kokil

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, AppSec Best Practices, DevSecOps

Apr 23, 2021/4 min read

How to cyber security: 5G is not magic

By Jonathan Knudsen

Tags: Software Integrity, Build Security into DevOps, Internet of Things

Apr 09, 2021/3 min read

Penetration testing: A yearly physical for your applications

By Debrup Ghosh

Tags: Software Integrity, Build Security into DevOps, Pen Testing, Web AppSec

Apr 08, 2021/12 min read

Integrating fuzzing into DevSecOps

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Build Security into DevOps, DevSecOps

Mar 17, 2021/11 min read

WLAN under fuzzing with Defensics

By Tuomo Untinen, Kari Hulkko

Tags: Software Integrity, Fuzzing, Build Security into DevOps

Mar 14, 2021/4 min read

Why should DevOps teams choose IAST?

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, IAST

Feb 23, 2021/5 min read

How to cyber security: Containerizing fuzzing targets

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Security into DevOps

Feb 23, 2021/5 min read

Analysis of an attack on automotive keyless entry systems

By Dr. Dennis Kengo Oka

Tags: Software Integrity, Build Security into DevOps, Automotive

Feb 03, 2021/4 min read

How to integrate automated AST tools in your CI/CD pipeline

By Meera Rao

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps

Jan 26, 2021/4 min read

Discovery capabilities: A core differentiator for Black Duck SCA

By Mike McGuire

Tags: SCA, Software Integrity, Build Security into DevOps, OSS License Compliance

Jan 20, 2021/7 min read

How to cyber security: Faceplanting in 10 lines of code

By Jonathan Knudsen

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps

Jan 03, 2021/6 min read

Don’t get overwhelmed with trivial defects. Manage them!

By Taylor Armerding

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, DevSecOps

Dec 27, 2020/8 min read

DevSecOps: The good, the bad, and the ugly

By Nivedita Murthy

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps

Dec 21, 2020/5 min read

Things to consider when choosing a software composition analysis tool

By Shandra Gemmiti

Tags: SCA, Software Integrity, Build Security into DevOps

Dec 14, 2020/10 min read

How to build a serial port fuzzer with Defensics SDK

By Kari Hulkko

Tags: Software Integrity, Fuzzing, Build Security into DevOps

Dec 10, 2020/6 min read

Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Security into DevOps, Training

Dec 02, 2020/6 min read

Configure security tools for effective DevSecOps

By Taylor Armerding

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, DevSecOps

Dec 01, 2020/5 min read

Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Security into DevOps

Nov 12, 2020/5 min read

How to cyber security: Gotta go fast … but why?

By Jonathan Knudsen

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, DevSecOps

Nov 09, 2020/3 min read

Three DevSecOps challenges and how to mitigate them

By Patrick Carey

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, Training, DevSecOps

Oct 18, 2020/5 min read

Get effective DevSecOps with version control

By Taylor Armerding

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, DevSecOps

Aug 25, 2020/4 min read

Developing a COVID-19 track and trace app — through the lens of Synopsys

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Security into DevOps, Threat & Risk Assessment, Mobile, IAST, SAST, Public Sector

Jul 27, 2020/7 min read

Security bugs and flaws: Both bad, but in different ways

By Taylor Armerding

Tags: SCA, Software Integrity, Build Security into DevOps, Threat & Risk Assessment, Threat Modeling, Manage Security Risks

Jul 12, 2020/7 min read

How to Cyber Security: Fuzz a tank

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Security into DevOps

Jul 01, 2020/8 min read

Find more bugs by detecting failure better: An introduction to SanitizerProcessMonitorAgent

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Security into DevOps

Jun 28, 2020/4 min read

Are you following the top 10 software security best practices?

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, Manage Security Risks

Jun 17, 2020/3 min read

An introduction to installing Black Duck

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Build Security into DevOps

Jun 11, 2020/11 min read

Authentication Token Obtain and Replace (ATOR) Burp plugin to handle complex login sequences

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps

Jun 01, 2020/3 min read

Why developers need a supplemental source to NVD vulnerability data

By Fred Bals

Tags: SCA, Software Integrity, Build Security into DevOps

May 13, 2020/3 min read

Critical gap in developer security training puts applications at risk

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, Training

May 11, 2020/8 min read

How to Cyber Security: Fuzzing does not mean random

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Security into DevOps

May 05, 2020/4 min read

3 ways to boost your security with role-based security compliance training

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Compliance, AppSec Best Practices, Training

May 03, 2020/2 min read

3 long-term benefits of an application security training strategy

By Synopsys Editorial Staff

Tags: Software Integrity, Build Security into DevOps, Training

Mar 15, 2020/6 min read

What is security debt, and how do I get out of it?

By Taylor Armerding

Tags: SCA, Software Integrity, Program Strategy & Planning, Build Security into DevOps, Manage Security Risks

Mar 10, 2020/3 min read

How does IAST fit into DevSecOps?

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, IAST, DevSecOps

Feb 12, 2020/3 min read

Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight

By Patrick Carey

Tags: SCA, Software Integrity, Security News & Trends, Build Security into DevOps, DevSecOps, SAST

Feb 03, 2020/4 min read

Mobile security app-titude best practices for secure app design and data privacy

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, Mobile

Feb 02, 2020/5 min read

Ask the Experts: What’s most rewarding about your career in cyber security?

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Trends, Build Security into DevOps, Manage Security Risks

Jan 22, 2020/5 min read

Coverity & Black Duck together. Better. Faster. Stronger.

By Fred Bals

Tags: SCA, Software Integrity, Build Security into DevOps, SAST

Jan 18, 2020/4 min read

Synopsys adds GitHub Action for SAST and SCA

By Synopsys Editorial Team

Tags: SCA, Agile, CI/CD, Software Integrity, Build Security into DevOps, SAST

Jan 06, 2020/7 min read

The journey to better medical device security: Still slow, still bumpy

By Taylor Armerding

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, Medical Devices, Healthcare

Nov 19, 2019/4 min read

SAST vs. SCA: What’s the difference? Do I need both?

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Build Security into DevOps, SAST

Nov 18, 2019/3 min read

Integrating Coverity Scan with GitLab CI

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, SAST

Oct 09, 2019/2 min read

CloudBees and Synopsys: Putting “Sec” into DevSecOps

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps

Sep 29, 2019/4 min read

Wormwood – An Explicit Way to Test Absinthe GraphQL APIs

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Security into DevOps

Sep 19, 2019/4 min read

Q&A: Fuzz testing, agent instrumentation, and Defensics

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Build Security into DevOps

Jun 04, 2019/6 min read

It’s not just autonomous cars of the future that need security

By Taylor Armerding

Tags: Software Integrity, Build Security into DevOps, Manage Security Risks, Automotive

May 24, 2019/3 min read

How are code quality and code security related?

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, SAST, Web AppSec, Internet of Things

May 08, 2019/1 min read

Announcing Code Sight 2019.4

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Trends, Build Security into DevOps, SAST

Mar 20, 2019/4 min read

Want to secure your apps? Build security in with the right toolchain

By Taylor Armerding

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, Threat & Risk Assessment, Manage Security Risks

Jan 30, 2019/2 min read

How to “shift left” with application security tools, and how not to

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps

Jan 29, 2019/7 min read

Why dependencies matter for SAST

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Training, SAST

Nov 19, 2018/2 min read

Should I include CSRF protection on a login form?

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Security into DevOps

Nov 15, 2018/6 min read

WPA2 encryption bypass: Using Defensics to uncover behavioral vulnerabilities

By Tuomo Untinen

Tags: Software Integrity, Fuzzing, Build Security into DevOps, Compliance

Nov 13, 2018/1 min read

Today I Learned: Using SCSS in your Vue Components

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Security into DevOps

Sep 14, 2018/6 min read

Let’s write more CodeXM checkers (second-stage ignition)

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, SAST

Sep 05, 2018/2 min read

A Quick Guide to the Complex: Ecto.Multi

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Security into DevOps

Aug 28, 2018/3 min read

The intersection between IAST and SCA and why you need both in your security toolkit

By Tim Mackey

Tags: SCA, Agile, CI/CD, Software Integrity, Build Security into DevOps, IAST, Manage Security Risks

Aug 19, 2018/2 min read

Integrating Coverity static analysis into development workflows

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, SAST

Aug 01, 2018/3 min read

Slim Docker Images for Rails

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Security into DevOps

Jul 20, 2018/4 min read

Remediating XSS: Does a single fix work?

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Trends, Build Security into DevOps, Web AppSec, Manage Security Risks

May 07, 2018/9 min read

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

By Meera Rao

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, DevSecOps, SAST

Mar 26, 2018/56 min read

Cracking XenForo corpuses: An unsupported sha256(sha256($pass).$salt) hash type

By Travis Biehn

Tags: Software Integrity, Build Security into DevOps, Training

Mar 21, 2018/8 min read

Detecting Spectre vulnerability exploits with static analysis

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, SAST

Mar 18, 2018/3 min read

What’s the difference between agile, CI/CD, and DevOps?

By John Steven

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps

Feb 19, 2018/4 min read

Can Coverity automatically ignore issues in third-party or noncritical code?

By Kris Diefenderfer

Tags: Software Integrity, Build Security into DevOps, SAST

Jan 30, 2018/5 min read

Migrating to Docker on Black Duck

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Build Security into DevOps, Container Security

Nov 13, 2017/2 min read

Streamlining development with a DevSecOps life cycle

By Apoorva Phadke

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps, DevSecOps, Manage Security Risks

Aug 15, 2017/3 min read

Scan nirvana: Hub Detect for all native build and CI tools

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps

Jul 06, 2017/8 min read

Building your DevSecOps pipeline: 5 essential activities

By Meera Rao

Tags: Agile, CI/CD, Software Integrity, Build Security into DevOps

Jun 20, 2017/4 min read

A primer on protecting keys and secrets in Microsoft Azure

By Sakthi Mohan

Tags: Software Integrity, Build Security into DevOps, Manage Security Risks

Jun 06, 2017/4 min read

Security topics every software developer should know

By Apoorva Patankar

Tags: Software Integrity, Build Security into DevOps, Training

May 16, 2017/2 min read

Node.js: Preventing common vulnerabilities in the MEAN stack

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Web AppSec, Manage Security Risks

May 08, 2017/5 min read

AngularJS: Preventing common vulnerabilities in the MEAN stack

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Web AppSec

Apr 20, 2017/2 min read

ExpressJS: Preventing common vulnerabilities in the MEAN stack (Part 1)

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Web AppSec, Manage Security Risks

Apr 13, 2017/5 min read

MongoDB: Preventing common vulnerabilities in the MEAN stack

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Web AppSec

Apr 04, 2017/7 min read

Attributes of secure web application architecture

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Build Security into DevOps, Web AppSec, Manage Security Risks

Mar 22, 2017/4 min read

Forging a SHA-1 MAC using a length-extension attack in Python

By Mantej Singh Rajpal

Tags: Software Integrity, Build Security into DevOps, Web AppSec

Mar 22, 2017/6 min read

Swift: Close to greatness in programming language design, Part 2

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, SAST

Feb 23, 2017/11 min read

AngularJS security series part 1: Angular $http service

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Training, Web AppSec

Jan 11, 2017/3 min read

How much do bugs cost to fix during each phase of the SDLC?

By Arvinder Saini

Tags: Software Integrity, Build Security into DevOps, Threat & Risk Assessment, Pen Testing, IAST, Manage Security Risks

Dec 14, 2016/2 min read

How to prevent SQL injection attacks: A cheat sheet

By Jamie Boote

Tags: Software Integrity, Build Security into DevOps, SAST, Manage Security Risks

Nov 28, 2016/4 min read

5 reasons to use third-party authentication instead of creating your own

By Synopsys Editorial Staff

Tags: Software Integrity, Build Security into DevOps, Compliance, SAST

Nov 19, 2016/5 min read

Sweet32: Time to retire 3DES?

By Amit Sethi

Tags: Software Integrity, Build Security into DevOps

Nov 08, 2016/5 min read

Abuse cases: How to think like a hacker

By Synopsys Editorial Staff

Tags: Software Integrity, Build Security into DevOps

Nov 07, 2016/5 min read

How to choose between closed source and open source software

By Jamie Boote

Tags: Software Integrity, Build Security into DevOps, SAST

Aug 24, 2016/3 min read

4 ineffective security controls that leave you with a false sense of security

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Training

Aug 24, 2016/2 min read

Pseudorandom number generation means pseudosecurity

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Training

Aug 08, 2016/3 min read

Avoiding false positives in application security through customization

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST, Web AppSec, Manage Security Risks

Aug 01, 2016/5 min read

An escape room called the ‘AngularJS sandbox’

By Ksenia Peguero

Tags: Software Integrity, Build Security into DevOps

Apr 28, 2016/3 min read

Man in the middle: When Bob met Alice, and Eve heard everything

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Trends, Build Security into DevOps, Web AppSec, Manage Security Risks

Apr 12, 2016/6 min read

Application security vs. software security: What’s the difference?

By Monika Chakraborty

Tags: Software Integrity, Build Security into DevOps, Mobile, Web AppSec

Mar 15, 2016/3 min read

How to do static analysis testing in 6 easy steps

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, SAST, Manage Security Risks

Mar 09, 2016/3 min read

What’s the difference? OAuth 1.0 vs OAuth 2.0

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Training, Web AppSec

Mar 08, 2016/9 min read

An examination of ineffective certificate pinning implementations

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Mobile

Feb 10, 2016/2 min read

Static analysis tools: Are they the best for finding bugs?

By Apoorva Phadke

Tags: Software Integrity, Build Security into DevOps, SAST, Manage Security Risks

Jan 27, 2016/5 min read

When and how to support static analysis tools with manual code review

By Mike Lyman

Tags: Software Integrity, Build Security into DevOps, SAST, Web AppSec, Manage Security Risks

Jan 18, 2016/4 min read

Pen testing best practices to take the pain out of penetration testing

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, AppSec Best Practices, Web AppSec

Dec 17, 2015/6 min read

Android WebViews and the JavaScript to Java bridge

By Andrew Lee-Thorp

Tags: Software Integrity, Build Security into DevOps, Mobile

Dec 10, 2015/2 min read

What are cryptographic hash functions?

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Build Security into DevOps, Manage Security Risks

Oct 09, 2015/5 min read

Using the SafetyNet API

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Mobile

Sep 23, 2015/7 min read

Benefits of Code Scanning for Code Review

By Mike Lyman

Tags: Software Integrity, Security News & Trends, Build Security into DevOps, SAST

Aug 06, 2015/1 min read

Serving resources over SSL with CSP upgrade-insecure-requests

By Ksenia Peguero

Tags: Software Integrity, Build Security into DevOps, Web AppSec, Manage Security Risks

Aug 03, 2015/5 min read

Integrating Touch ID into your iOS applications

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Mobile

Apr 07, 2015/4 min read

How mapping the Ocean’s Eleven heist can make you better at application security testing

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps

Mar 22, 2015/4 min read

The 3 laws of robots.txt

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Build Security into DevOps, Web AppSec

Dec 13, 2014/8 min read

How to fix cross-site scripting: A developer’s guide

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Build Security into DevOps

Nov 03, 2014/9 min read

Understanding Python bytecode

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Web AppSec, Manage Security Risks

Apr 24, 2014/3 min read

Understanding fragment injection

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps, Mobile, Web AppSec

Apr 13, 2014/4 min read

On detecting Heartbleed with static analysis

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Trends, Build Security into DevOps, SAST

Apr 07, 2014/6 min read

Heartbleed vulnerability: What should you do?

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Security News & Trends, Build Security into DevOps

Jan 20, 2014/2 min read

SHA2 ‘vs.’ SHA1

By John Steven

Tags: Software Integrity, Program Strategy & Planning, Build Security into DevOps, Compliance

Jan 15, 2014/3 min read

SecureRandom implementation (sun.security.provider.SecureRandom – SHA1PRNG)

By Synopsys Editorial Team

Tags: Software Integrity, Build Security into DevOps

Jan 05, 2014/2 min read

Issues to be aware of when using Java's SecureRandom

By Synopsys Editorial Staff

Tags: Software Integrity, Build Security into DevOps

Jul 25, 2013/7 min read

Protect Your Website From Its Embedded Content With iFrames

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Security into DevOps

Mar 07, 2013/4 min read

Ruby Demystified: and vs. &&

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Security into DevOps

Apr 27, 2012/8 min read

Caching security architecture knowledge with design patterns

By John Steven

Tags: Software Integrity, Build Security into DevOps

Oct 31, 2010/2 min read

Secure URL redirection remediation

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Build Security into DevOps, Web AppSec

194

Stories

Writers

Top Writers

Synopsys Editorial Team

Jonathan Knudsen

Taylor Armerding

Last Published