Software Security

Archive for the 'Threat Intelligence' Category

 

Synopsys wins NetworkWorld Asia Information Management Award

We’re excited to announce that the Synopsys Software Integrity Group was selected as the winner in the Threat Intelligence Management category for the 2017 NetworkWorld Asia Information Management Awards. Why is this award important? Attacks today are continuously advancing in sophistication, persistence, and volume. This results in an unmanageable stream of inconsistent, contradictory threat data […]

Continue Reading...

Posted in Threat Intelligence | No Comments »

 

Learn how to customize the OWASP Top 10 to fit your firm

A list of critical web application security vulnerabilities is a necessary risk management tool. Equally true is that each organization has a different set of vulnerabilities plaguing their applications. To complete a trifecta of fundamental truths, crowdsourced lists such as the OWASP Top 10 rarely reflect an individual organization’s priorities. Given all that, many organizations […]

Continue Reading...

Posted in OWASP, Security Risk Assessment, Threat Intelligence, Vulnerability Assessment | Comments Off on Learn how to customize the OWASP Top 10 to fit your firm

 

Hajime and Mirai locked in an IoT botnet turf war

Last fall, someone released a benign worm looking to protect Internet of Things (IoT) devices from more dangerous worms. Known as Hajime, the vigilante malware appears to be designed to block another IoT worm, Mirai. The two are chasing each other around the world. Each are locked in a weird internet turf war seemingly bent on […]

Continue Reading...

Posted in Application Security, Security Risk Assessment, Threat Intelligence | Comments Off on Hajime and Mirai locked in an IoT botnet turf war

 

AngularJS 1.6: Life outside the sandbox

AngularJS 1.6 was recently released. With this release comes several impactful changes. One such change to note is the removal of the expression sandbox. This was a predicted change that was first announced in early September. If you haven’t already evaluated the impact of this on your Angular code in preparation for the changes, it’s […]

Continue Reading...

Posted in JavaScript Security, Software Security Testing, Threat Intelligence, Vulnerability Assessment | Comments Off on AngularJS 1.6: Life outside the sandbox

 

Flaw in ASN.1 code library could impact every form of communications

A code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones contains a flaw that makes it possible to eavesdrop or disrupt entire networks. An advisory published Monday evening describes a flaw in the way most systems implement […]

Continue Reading...

Posted in Security Risk Assessment, Threat Intelligence | Comments Off on Flaw in ASN.1 code library could impact every form of communications