Software Integrity

Archive for the 'Software Security Testing' Category

 

Golden Cup was a world cup of trouble

Nobody with any connection to, or interest in, the FIFA World Cup can say they weren’t warned. In the days leading up to the quadrennial world championship of European football (or soccer), security experts put the word out constantly that everybody involved—players, organizers, staff, and spectators (including those watching on TV or online)—would be a […]

Continue Reading...

Posted in Software Quality, Software Security Testing, Threat Intelligence

 

5 essentials for getting your bearings in a DevSecOps world

As we rapidly move toward DevSecOps, it’s worthwhile to take a breath and orient ourselves. Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software—quickly. By automating manual processes and building tools into the continuous integration and continuous delivery (CI/CD) pipeline, they’ve increased trust […]

Continue Reading...

Posted in Application Security, DevOps, Software Security Testing

 

Detecting Spectre vulnerability exploits with static analysis

Written by Charles-Henri Gros, Liana Hadarean, and Mandar Satam. In the last few months, Spectre (CVE-2017-5753 and CVE-2017-5715) has emerged as a new kind of vulnerability. In the interest of helping the development community actively defend against these exploits, the Synopsys Software Integrity Group is releasing a checker that can identify code patterns that are […]

Continue Reading...

Posted in Software Security Testing, Static Analysis (SAST), Vulnerability Assessment

 

How can blockchain applications adapt and adopt software security best practices?

Though blockchain-native software is in its infancy, the technology races forward to meet more and more use cases. But the community doesn’t seem to have taken software security principles seriously, as we can see from the recent scan of Ethereum smart contracts that identified 34,200 vulnerable contracts. For added perspective, a smart contract is a […]

Continue Reading...

Posted in Application Security, Blockchain Security, Software Security Testing

 

What can we learn from the video game industry’s approach to software security?

The video game market is a $100+ billion industry. Some of the most complex software developed today is for video games, using clients, servers, web components, monetary transfers, social interactions, and virtual markets—with every part needing security. Video games are attractive and lucrative targets for hackers, especially when it comes to cheating and piracy. With […]

Continue Reading...

Posted in Application Security, Software Security Testing

 

Blockchain security and the cryptocurrency boom, Part 2: Application

In Part 1 of our article on blockchain security and cryptocurrency, we took a hard look at the core components that make up a successful cryptocurrency like Bitcoin. From the distributed network itself to the individuals who wish to own and use a cryptocurrency wallet to transfer or spend Bitcoin, security is key (pun intended) […]

Continue Reading...

Posted in Blockchain Security, Cryptography, Software Security Testing, Vulnerability Assessment

 

Blockchain security and the cryptocurrency boom, Part 1: Theory

Thanks to Bitcoin, it’s fair to say that “blockchain” is a buzzword at the moment—like DevOps, or Zumba. This article isn’t going to dive into what a blockchain is, because many others out there already do that. Here’s a pretty good one that has a snappy description of the evolution of Bitcoin and its symbiotic […]

Continue Reading...

Posted in Blockchain Security, Cryptography, Software Security Testing, Vulnerability Assessment

 

How is static analysis a productivity tool for engineering teams?

“I lost my keys. How long will it take to find them?” This is a laughable question, but it’s analogous to “How long will it take to debug this?” Developers scoff at this question as if it were an unreasonable demand, just as inexperienced project managers are shocked that a simple answer isn’t forthcoming. But […]

Continue Reading...

Posted in Application Security, Software Quality, Software Security Testing, Static Analysis (SAST)

 

Checklist: Do the software testing tools you employ empower your developers?

Finding and resolving security issues early in the development process saves your organization both time and money. It’s an inefficient strategy to implement solutions further into the software development life cycle (SDLC). However, addressing issues early in the process is easier said than done. Choosing the software testing tools that best align with your firm’s […]

Continue Reading...

Posted in Software Security Testing, Software Testing Optimization

 

Navigating responsible vulnerability disclosure best practices

The definition of responsible vulnerability disclosure varies based on who you ask. Tech goliath Microsoft has openly disagreed with Google on this very topic, as outlined by The Verge. In the vulnerability management industry, discretion is key. Because we’re continuously handling vulnerabilities that can be used maliciously by black hats, there are widespread implications and […]

Continue Reading...

Posted in Application Security, Fuzz Testing, Security Risk Assessment, Software Security Testing, Vulnerability Assessment