Software Integrity Blog

Archive for the 'Software Architecture and Design' Category

 

What happens when your CISO has one of those days?

A CISO having a bad day finds out the hard way that cutting corners on software security testing might end up costing him more than he saved.

Posted in Cloud Security, Interactive Application Security Testing (IAST), Maturity Model (BSIMM), Mobile Application Security, Open Source Security, Security Training, Software Architecture and Design, Software Composition Analysis

The Verizon DBIR and the art of the breach

An attack path is a series of threat actions leading to a successful data breach. The Verizon 2019 DBIR (Data Breach Investigations Report) offers insights.

Posted in Data Breach, Software Architecture and Design

Want to secure your apps? Build security in with the right toolchain

Having the right application security toolchain is the most effective way to build security in, which is critical to securing modern apps against attacks.

Posted in Agile, CI/CD & DevOps, Software Architecture and Design

OWASP Top 10 web application security risks

The OWASP Top 10 2017 is a list of the most significant web application security risks. How are you addressing these top 10 web app vulnerabilities?

Posted in Security Standards and Compliance, Software Architecture and Design, Web Application Security

From mainframes to connected cars: How software drives the automotive industry

The automotive industry runs on software—but increased software increases the attack surface. Vehicle safety starts with automotive software security.

Posted in Automotive Security, Maturity Model (BSIMM), Software Architecture and Design

VPNFilter, BMW connected car vulnerability, and Nest IoT devices go offline

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. What’s in this week’s episode, you ask? Russia vs. Ukraine, Beemer as the ultimate hackable machine, and Nest “smart home” devices.

Posted in Automotive Security, General, Internet of Things, Software Architecture and Design

How does the TeenSafe data leak present a classic false sense of security?

Security researcher Robert Wiggins recently uncovered a serious security issue in the TeenSafe “secure” monitoring product for Android and iOS platforms.

Posted in Cloud Security, Data Breach, Software Architecture and Design

Bad Signal gets quick fix

It looked like a bright spot in a gloomy week for the encrypted messaging app Signal. And it was, in fact, a positive thing—a patch for a serious XSS (cross-site scripting) vulnerability that the company made available only hours after a public report of the problem. It just wasn’t quite as bright a moment as it initially appeared.

Posted in Software Architecture and Design

Examining Spectre and Meltdown attacks

Posted in Software Architecture and Design, Static Analysis (SAST)

Verizon DBIR puts security burden on users

The 2018 Verizon Data Breach Investigations Report (DBIR)—the 11th annual exhaustive collection of good advice and (mostly) bad news—which dropped a couple of weeks ago, doesn’t contain any major surprises about the state of online security.

Posted in Data Breach, Maturity Model (BSIMM), Software Architecture and Design