Written by Liana Hadarean. In a recent blog post, Detecting Spectre vulnerability exploits with static analysis, we showed how developers can use static analysis to help protect their applications from the Spectre variant 1 vulnerability (bounds check bypass). Synopsys Software Integrity Group released a checker for Coverity (AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK) that helps developers identify vulnerable code. The result is […]
Continue Reading...
Posted in Application Security, Featured, Static Analysis (SAST)
With apologies to the late Douglas Adams, writing a checker is hard. You just won’t believe how vastly, hugely, mind-bogglingly hard it is. I mean, you may think it’s difficult to pull together a purchase order for a new bit of software, but that’s just peanuts to writing a checker. Truth be told, writing a […]
Continue Reading...
Posted in Application Security, Software Security Testing, Static Analysis (SAST)
Every application security testing tool has advantages and disadvantages. No single solution can ensure you find and fix all vulnerabilities. But application security tools can complement one another and help you secure your applications in each stage of the software development life cycle (SDLC) and beyond. Here’s a quick overview of SAST, IAST, DAST, and […]
Continue Reading...
Posted in Dynamic Analysis (DAST), Featured, Infographic, Interactive Application Security Testing (IAST), Runtime Application Self-Protection (RASP), Static Analysis (SAST)
This is the first post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. Aligning static analysis with development goals Application security responsibilities are shifting to the developer as organizations look to produce secure, high-quality software at a competitive pace. Because of […]
Continue Reading...
Posted in Application Security, Featured, Software Security Testing, Static Analysis (SAST)
A little background on DO-178 We live with software failure every day—from cell phones and laptops that crash or hang to headline-grabbing stories of personal data breaches. Software has been used in safety-critical airborne applications for decades, but fatalities caused by software are unheard of in civil aviation. Why this difference? The reason is the […]
Continue Reading...
Posted in DevOps, Software Quality, Static Analysis (SAST), Weekly Security Mashup
In the era of agile development and outsourcing, implementing a secure software development life cycle (SSDLC) is critical. However, it may not help you achieve the level of risk mitigation you desire. You may need to extend your software security approach to provide an additional layer of protection for applications once they have been deployed. […]
Continue Reading...
Posted in Application Security, Dynamic Analysis (DAST), Runtime Application Self-Protection (RASP), Software Development Life Cycle (SDLC), Static Analysis (SAST)
Vulnerable routers aren’t news Long ago and far away—in 2014, which is indeed long ago and far away in our cutting-edge world of information technology—security gurus like Dan Geer, Jim Gettys, and Bruce Schneier were issuing urgent warnings about the catastrophic insecurity of routers—those devices in our homes that give us access to the World […]
Continue Reading...
Posted in Application Security, Internet of Things, Static Analysis (SAST)
The timeless demand to reduce time to market has put DevOps in a position to solidify itself as a defining characteristic of modern SDLCs. While the need to accelerate software development is as old as software development is, the need to produce secure software is currently gaining traction in light of recent software security blunders. […]
Continue Reading...
Posted in CI/CD, DevOps, Static Analysis (SAST)
The latest release of Coverity by Synopsys features seamless integration with our completely rebuilt eLearning platform, an on-demand developer training solution focusing on secure coding best practices and security guidance. On-demand developer training enables development teams Synopsys eLearning is an outcome-driven, learner-centric training solution that makes learning about security easy, relevant, and accessible. With eLearning, learners […]
Continue Reading...
Posted in Application Security, eLearning, Static Analysis (SAST)
As you have no doubt heard, Spectre and Meltdown aren’t software bugs that can be fixed in a few days or weeks when a company pushes out a patch. They are part of the architecture of hardware – the chips that run your computer. And you don’t just roll out a patch for hardware. Chips […]
Continue Reading...
Posted in Static Analysis (SAST), Vulnerability Assessment
