Software Integrity

Archive for the 'Vulnerability Assessment' Category

 

Learning from KRACK and ROCA: Here’s how to equip your firm

Last week’s news introduced us to another pair of vulnerabilities hitting right at the foundation of everything we place our trust in. Named KRACK and ROCA, these flaws target specific facets of Wi-Fi networks and cryptographic keys, meaning that attackers can potentially sneak into networks we consider private, and decipher things we consider secret. Who’s affected? […]

Continue Reading...

Posted in Application Security, Data Breach, Security Training, Vulnerability Assessment | Comments Off on Learning from KRACK and ROCA: Here’s how to equip your firm

 

KRACK: Examining the WPA2 protocol flaw and what it means for your business

WPA2? The weekend of Friday the 13th took a frightening turn—even for those of us who aren’t superstitious—when detrimental weaknesses were discovered in Wi-Fi Protected Access II (WPA2), the protocol responsible for securing Wi-Fi networks. WPA2 was first made available back in 2004 and has been required on all Wi-Fi branded devices since March 2006. […]

Continue Reading...

Posted in Application Security, Data Breach, Software Quality, Vulnerability Assessment | Comments Off on KRACK: Examining the WPA2 protocol flaw and what it means for your business

 

Learn how to customize the OWASP Top 10 to fit your firm

A list of critical web application security vulnerabilities is a necessary risk management tool. Equally true is that each organization has a different set of vulnerabilities plaguing their applications. To complete a trifecta of fundamental truths, crowdsourced lists such as the OWASP Top 10 rarely reflect an individual organization’s priorities. Given all that, many organizations […]

Continue Reading...

Posted in OWASP, Security Risk Assessment, Threat Intelligence, Vulnerability Assessment | Comments Off on Learn how to customize the OWASP Top 10 to fit your firm

 

What you need to know about BlueBorne Bluetooth flaws

Initially created to support hands-free headsets, Bluetooth in 2017 is far from a simple wireless technology standard. It has evolved into a much different technology than today’s standard Wi-Fi wireless protocols. Researchers Ben Seri and Gregory Vishnepolsky of Armis Labs examine how complicated the Bluetooth implementation has become by navigating the complex protocol implementations in […]

Continue Reading...

Posted in Application Security, Data Breach, Vulnerability Assessment | Comments Off on What you need to know about BlueBorne Bluetooth flaws

 

Is your software MISRA clean?

“Scalpel.” “Scalpel.” “Let’s make the incision … There we go …  Spreader.” “Spreader.” “Good. A little wider. Like that. Metzenbaum.” “Metzenbaum.” “There we are. We’re at the DIVIDE_BY_ZERO site. As you can see, it starts here, and follows this path here. We’ll remove it … gently … nice, a clean extraction. Now, let’s graft in […]

Continue Reading...

Posted in Application Security, Secure Coding Guidelines, Security Standards and Compliance, Software Quality, Vulnerability Assessment | Comments Off on Is your software MISRA clean?

 

Building your DevSecOps pipeline: 5 essential activities

No matter what you call it, SecDevOps, DevSecOps, or DevOpsSec, you have to build security into your continuous integration, continuous delivery, and continuous deployment pipeline. This checklist will guide you through the DevSecOps journey—as we’ll call it within this checklist—to assure that you’re integrating security into your pipeline. Here, we’re going to look at each of […]

Continue Reading...

Posted in Application Security, DevOps, Software Security Testing, Vulnerability Assessment | Comments Off on Building your DevSecOps pipeline: 5 essential activities

 

Security topics every software developer should know

Software developers and information security professionals have almost always been two mutually exclusive groups. However, with the increase in security awareness, developers have started integrating security into the development process. To further bridge the gap between development and security, it is essential for developers to have a good understanding of security principles. In this post, […]

Continue Reading...

Posted in Application Security, Security Training, Software Security Testing, Vulnerability Assessment | Comments Off on Security topics every software developer should know

 

Fault Injection Podcast .002: What’s in your software?

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report: The State of Software Composition 2017. You can always join the discussion by sending us […]

Continue Reading...

Posted in Application Security, Open Source Security, Software Composition Analysis, Vulnerability Assessment | Comments Off on Fault Injection Podcast .002: What’s in your software?

 

7-year-old SAMBA flaw prompts new concerns (and patches)

With just one line of code, a malicious attacker can exploit a recently disclosed seven-year-old vulnerability in SAMBA. Known as CVE-2017-7494, the vulnerability affects Linux and Unix systems that: Are running SAMBA 3.5.0 or later Provide file- and printer-sharing on port 445 Are addressable from the internet Contain shared files Include write privileges Involve guessable […]

Continue Reading...

Posted in Vulnerability Assessment, Web Application Security | Comments Off on 7-year-old SAMBA flaw prompts new concerns (and patches)

 

Why should every eCommerce website have an SSL certificate?

In the world of data security, a critical element of working with users is earning their trust. Obtaining, implementing, and properly using an SSL certificate is one way to protect user data. Without a certificate, there is also no easy way to keep the communications between the user and an eCommerce website private from attackers. […]

Continue Reading...

Posted in Application Security, Vulnerability Assessment, Web Application Security | Comments Off on Why should every eCommerce website have an SSL certificate?