Software Integrity Blog

Archive for the 'Software Security Research' Category

 

Apache Struts research at scale, Part 1: Building 115 versions of Struts

When our research findings from CVE-2018-11776 prompted us to research other vulnerabilities, the first step was building 115 versions of Apache Struts.

Posted in Software Security Research

 

The Synopsys Cybersecurity Research Center (CyRC): Advancing the state of software security

The Synopsys Software Integrity Group is pleased to announce the public launch of CyRC (Cybersecurity Research Center).

Posted in Software Security Research

 

WPA2 encryption bypass: Using Defensics to uncover behavioral vulnerabilities

We discovered a WPA2 encryption bypass vulnerability (CVE-2018-18907) in a router that allows full access to a WLAN without credentials. The vendor has released a patch for the device.

Posted in Fuzz Testing, Software Security Research

 

CyRC Vulnerability Advisory: CVE-2018-18907 authentication bypass vulnerability in D-Link DIR-850L wireless router

Read the Synopsys Cybersecurity Research Center’s (CyRC) analysis of CVE-2018-18907, an authentication bypass vulnerability in the D-Link DIR-850L wireless router.

Posted in Software Security Research

 

CVE-2018-11776: The latest Apache Struts vulnerability

CVE-2018-11776, a newly disclosed critical remote code execution vulnerability, affects all supported versions of the Apache Struts 2 web application framework.

Posted in Open Source Security, Software Composition Analysis (SCA), Software Security Research