Software Integrity Blog

Archive for the 'Software Architecture & Design' Category

It’s past time to put passwords out of our misery

No password is secure. With so many password alternatives now available, such as FIDO and passwordless authentication, we can get rid of passwords for good.

Posted in Application Security, Software Architecture & Design

Quantifying software quality risks in tech M&A

Tech M&A typically evaluates security and legal risks, but what about software quality risks? Poor code and architecture quality can have a lasting impact.

Posted in Mergers & Acquisitions, Software Architecture & Design, Software Compliance, Quality & Standards

The Verizon DBIR and the art of the breach

An attack path is a series of threat actions leading to a successful data breach. The Verizon 2019 DBIR (Data Breach Investigations Report) offers insights.

Posted in Data Breach Security, Software Architecture & Design

Want to secure your apps? Build security in with the right toolchain

Having the right application security toolchain is the most effective way to build security in, which is critical to securing modern apps against attacks.

Posted in Agile, CI/CD & DevOps, Software Architecture & Design

OWASP Top 10 web application security risks

The OWASP Top 10 2017 is a list of the most significant web application security risks. How are you addressing these top 10 web app vulnerabilities?

Posted in Software Architecture & Design, Web Application Security

From mainframes to connected cars: How software drives the automotive industry

The automotive industry runs on software—but increased software increases the attack surface. Vehicle safety starts with automotive software security.

Posted in Automotive Cyber Security, Software Architecture & Design, Software Security Program

VPNFilter, BMW connected car vulnerability, and Nest IoT devices go offline

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s episode, you ask? Russia vs. Ukraine, Beemer as the ultimate hackable machine, and Nest “smart home” devices.

Posted in Automotive Cyber Security, IoT Security, Software Architecture & Design

How does the TeenSafe data leak present a classic false sense of security?

Security researcher Robert Wiggins recently uncovered a serious security issue in the TeenSafe “secure” monitoring product for Android and iOS platforms.

Posted in Cloud Security, Data Breach Security, Software Architecture & Design

Bad Signal gets quick fix

It looked like a bright spot in a gloomy week for the encrypted messaging app Signal. And it was, in fact, a positive thing—a patch for a serious XSS (cross-site scripting) vulnerability that the company made available only hours after a public report of the problem. It just wasn’t quite as bright a moment as it initially appeared.

Posted in Software Architecture & Design

Examining Spectre and Meltdown attacks

Posted in Software Architecture & Design, Static Analysis (SAST)