Software Integrity

Archive for the 'Software Security Testing' Category

 

Detecting Spectre vulnerability exploits with static analysis

Written by Charles-Henri Gros, Liana Hadarean, and Mandar Satam. In the last few months, Spectre (CVE-2017-5753 and CVE-2017-5715) has emerged as a new kind of vulnerability. In the interest of helping the development community actively defend against these exploits, the Synopsys Software Integrity Group is releasing a checker that can identify code patterns that are […]

Posted in Software Security Testing, Static Analysis (SAST), Vulnerability Assessment

 

How can blockchain applications adapt and adopt software security best practices?

Though blockchain-native software is in its infancy, the technology races forward to meet more and more use cases. But the community doesn’t seem to have taken software security principles seriously, as we can see from the recent scan of Ethereum smart contracts that identified 34,200 vulnerable contracts. For added perspective, a smart contract is a […]

Posted in Application Security, Blockchain Security, Software Security Testing

 

What can we learn from the video game industry’s approach to software security?

The video game market is a $100+ billion industry. Some of the most complex software developed today is for video games, using clients, servers, web components, monetary transfers, social interactions, and virtual markets—with every part needing security. Video games are attractive and lucrative targets for hackers, especially when it comes to cheating and piracy. With […]

Posted in Application Security, Software Security Testing

 

Blockchain security and the cryptocurrency boom, Part 2: Application

In Part 1 of our article on blockchain security and cryptocurrency, we took a hard look at the core components that make up a successful cryptocurrency like Bitcoin. From the distributed network itself to the individuals who wish to own and use a cryptocurrency wallet to transfer or spend Bitcoin, security is key (pun intended) […]

Posted in Blockchain Security, Cryptography, Software Security Testing, Vulnerability Assessment

 

Blockchain security and the cryptocurrency boom, Part 1: Theory

Thanks to Bitcoin, it’s fair to say that “blockchain” is a buzzword at the moment—like DevOps, or Zumba. This article isn’t going to dive into what a blockchain is, because many others out there already do that. Here’s a pretty good one that has a snappy description of the evolution of Bitcoin and its symbiotic […]

Posted in Blockchain Security, Cryptography, Software Security Testing, Vulnerability Assessment

 

How is static analysis a productivity tool for engineering teams?

“I lost my keys. How long will it take to find them?” This is a laughable question, but it’s analogous to “How long will it take to debug this?” Developers scoff at this question as if it were an unreasonable demand, just as inexperienced project managers are shocked that a simple answer isn’t forthcoming. But […]

Posted in Application Security, Software Quality, Software Security Testing, Static Analysis (SAST)

 

Checklist: Do the software testing tools you employ empower your developers?

Finding and resolving security issues early in the development process saves your organization both time and money. It’s an inefficient strategy to implement solutions further into the software development life cycle (SDLC). However, addressing issues early in the process is easier said than done. Choosing the software testing tools that best align with your firm’s […]

Posted in Software Security Testing, Software Testing Optimization

 

Navigating responsible vulnerability disclosure best practices

The definition of responsible vulnerability disclosure varies based on who you ask. Tech goliath Microsoft has openly disagreed with Google on this very topic, as outlined by The Verge. In the vulnerability management industry, discretion is key. Because we’re continuously handling vulnerabilities that can be used maliciously by black hats, there are widespread implications and […]

Posted in Application Security, Fuzz Testing, Security Risk Assessment, Software Security Testing, Vulnerability Assessment

 

What are the different types of software testing?

Most of us use the internet on a daily basis. As the number of internet users continues to grow, more personal and sensitive information is collected—information that firms need to protect. From online banking and ordering food, to calling a cab, paying bills, and booking hotels, our lives are highly plugged-in. With this, the onus is […]

Posted in Application Security, Software Security Testing

 

How to implement security measures without negatively affecting software quality

Over the past decade, most organizations have established a well-oiled process for software development and maintenance. We refer to this as the software development life cycle (SDLC). However, advancing security threats relating to insecure software have brought the focus to security implementation within the SDLC without hampering quality. Let’s examine a few strategies to implement security […]

Posted in Application Security, Software Development Life Cycle (SDLC), Software Quality, Software Security Testing