- All Products
- Software Integrity
- Semiconductor IP
- Verification
- Design
- Silicon Engineering
- Application Security Services
- Dynamic Analysis (DAST)
- Mobile Application Security
- Penetration Testing
- Managed Static Analysis
- All Services
- Software Security
- Silicon Design
- Community
- Academic Programs
- Electronic Design
- Optical Design
- Static Analysis
- About Us
< All Products
< All Products
< All Products
< All Products
< All Products
< All Products
< overview
All Products
+ Software Integrity + Semiconductor IP + Verification + Design + Silicon Engineering + Optical Solutions< Software Integrity
< Software Integrity
Application Security Services
Dynamic Analysis (DAST) Mobile Application Security Penetration Testing Managed Static Analysis< Software Integrity
< Software Integrity
< Software Integrity
Blog
< Software Integrity
Support
< overview
Software Integrity
+ Application Security Products + Application Security Services + Resources + Training & Education Blog Support< Semiconductor IP
< Semiconductor IP
Memories & Libraries
Logic Libraries Memory Compliers Duet Packages HPC Design Kit Embedded Test & Repair Non-Volatile Memory< Semiconductor IP
< Semiconductor IP
Processor Solutions
ARC Processors Embedded Vision Processors Development Tools Operating Systems Ecosystems ASIP Tools< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< overview
< Verification
< Verification
< Verification
< Design
< Design
< Design
< overview
< Silicon Engineering
< overview
< main menu
< Solutions
< Solutions
Industry Solutions
Automotive Cloud Computing Financial Services Industrial Controls Systems Healthcare Mobile Devices< Solutions
< overview
< All Services
< All Services
< All Services
< overview
< Software Security
Software Security Professional Services
Embedded Software Testing Insider Threat Detection Red Teaming Secure Coding Guidelines Software Architecture & Design Thick Client Testing< Software Security
Managed Services
< Software Security
Program Development & Design
Maturity Model (BSIMM) Maturity Action Plan (MAP) Policies & Standards Security Metrics Software Security-in-a-Box< Software Security
< Software Security
Support
< overview
< Silicon Design
< Silicon Design
< Silicon Design
< Silicon Design
< main menu
< Community
Community
Community Overview< Community
< Community
< Community
Interoperability
ARC Access HAPS Connect HSPICE Integrator In-Sync System-Level Catalyst TAP-in VC Apps Access< Community
< Community
< Community
< overview
Community
+ Community + SNUG + Partners + Interoperability + Academic Programs + Company Blogs + BSIMM< About Us
< About Us
< About Us
< About Us
< About Us
Software Security
In the world of data security, a critical element of working with users is earning their trust. Obtaining, implementing, and properly using an SSL certificate is one way to protect user data. Without a certificate, there is also no easy way to keep the communications between the user and an eCommerce website private from attackers. […]
Originally posted on SecurityWeek. I recently had reason to spend an overnight visit in the hospital. When friends and family left me late in the evening I was confronted with a subject that I had considered professionally but never had to face personally: the connected medical device. When software security gets personal The device that […]
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report from Synopsys and the Ponemon Institute on medical device security. You can always join […]
During a recent iOS application penetration test, I was attempting to proxy network traffic using the BURP proxy tool. In doing so, I configured my device to use BURP as proxy, and voila, I was able to see the traffic (oh, the joys of certificate pinning). However, my excitement was short-lived. I noticed that I […]
There’s been a fair share of attention paid to the security inside the connected car. There’s also been a significant uptick in new devices and apps that communicate with the vehicle from afar. These devices and apps use traditional means of communication (e.g., Bluetooth, Wi-Fi, etc.). They also make some very common software mistakes. For instance, […]
Black Hat 2017 is just around the corner. We’re excited to be going back this year and we want you to join the fun. In fact, we’re offering you a chance to win a free pass to Black Hat USA 2017. Enter by June 28th for a chance to win a briefings pass to the […]
Before jumping into the final post within our discussion on vulnerabilities in the MEAN stack, look back at the other four posts within this series discussing MongoDB, ExpressJS (Core), ExpressJS (Sessions and CSRF), and AngularJS. Development mode (NodeJS/ExpressJS) By default, Express applications run in development mode unless the NODE_ENV environmental variable is set to another value. In development mode, Express […]
With a technical story like WannaCry, there are bound to be some falsehoods spread as fact. As with any misconception, there is often a kernel of truth. More often though, the answer is more complicated than it first seems. Here are a few important falsehoods that have been circulating in the last 48 hours: WannaCry spreads via […]
Last Friday, a piece of malware known as WannaCry (WanaCrypt0r 2.0/WCry) infected over 200,000 Windows-based machines in over 150 countries. What made this malware different was that it encrypted the hard drive, withholding the contents until the victim paid $300 BitCoins. While ransomware itself is not new, the rapid spread of WannaCry caught many people […]
On Friday, several organizations around the world fell victim to a wave of ransomware that swept the globe. Ransomware is malware that encrypts the hard drives of compromised machines until the owner makes full payment. Such attacks have been persistent but relatively quiet. Until now, ransomware had been confined to limited or one-off events. A […]
Categories
- Agile Methodology (17)
- Application Security (162)
- Automotive Security (38)
- CI/CD (2)
- Cloud Security (15)
- Code Review (21)
- Cryptography (1)
- Data Breach (39)
- DevOps (4)
- Dynamic Analysis (DAST) (12)
- Embedded Software Testing (18)
- Ethical Hacking (6)
- Featured (3)
- Financial Services Security (16)
- Fuzz Testing (11)
- Government Security (12)
- Healthcare Security (23)
- Industrial Control System Security (8)
- Insurance Provider Security (3)
- Interactive Application Security Testing (IAST) (2)
- Internet of Things (50)
- JavaScript Security (3)
- Maturity Model (BSIMM) (41)
- Medical Device Security (30)
- Mobile Application Security (44)
- Network Security (26)
- Open Source Security (31)
- OWASP (6)
- Penetration Testing (15)
- Red Teaming (12)
- Secure Coding Guidelines (4)
- Security Architecture (9)
- Security Conference or Event (36)
- Security Metrics (11)
- Security Risk Assessment (33)
- Security Standards and Compliance (21)
- Security Training (38)
- Smart Grid Security (2)
- Software Architecture and Design (13)
- Software Composition Analysis (7)
- Software Development Life Cycle (SDLC) (46)
- Software Security Program Development (37)
- Software Security Testing (200)
- Static Analysis (SAST) (41)
- Threat Intelligence (5)
- Threat Modeling (25)
- Vendor Risk Management (11)
- Vulnerability Assessment (106)
- Web Application Security (50)
Archives