- All Products
- Software Integrity
- Semiconductor IP
- Verification
- Design
- Silicon Engineering
- Application Security Services
- Dynamic Analysis (DAST)
- Mobile Application Security
- Penetration Testing
- Managed Static Analysis
- All Services
- Software Security
- Silicon Design
- Community
- Academic Programs
- Electronic Design
- Optical Design
- Static Analysis
- About Us
< All Products
< All Products
< All Products
< All Products
< All Products
< All Products
< overview
All Products
+ Software Integrity + Semiconductor IP + Verification + Design + Silicon Engineering + Optical Solutions< Software Integrity
< Software Integrity
Application Security Services
Dynamic Analysis (DAST) Mobile Application Security Penetration Testing Managed Static Analysis< Software Integrity
< Software Integrity
< Software Integrity
Blog
< Software Integrity
Support
< overview
Software Integrity
+ Application Security Products + Application Security Services + Resources + Training & Education Blog Support< Semiconductor IP
< Semiconductor IP
Memories & Libraries
Logic Libraries Memory Compliers Duet Packages HPC Design Kit Embedded Test & Repair Non-Volatile Memory< Semiconductor IP
< Semiconductor IP
Processor Solutions
ARC Processors Embedded Vision Processors Development Tools Operating Systems Ecosystems ASIP Tools< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< overview
< Verification
< Verification
< Verification
< Design
< Design
< Design
< overview
< Silicon Engineering
< overview
< main menu
< Solutions
< Solutions
Industry Solutions
Automotive Cloud Computing Financial Services Industrial Controls Systems Healthcare Mobile Devices< Solutions
< overview
< All Services
< All Services
< All Services
< overview
< Software Security
Software Security Professional Services
Embedded Software Testing Insider Threat Detection Red Teaming Secure Coding Guidelines Software Architecture & Design Thick Client Testing< Software Security
Managed Services
< Software Security
Program Development & Design
Maturity Model (BSIMM) Maturity Action Plan (MAP) Policies & Standards Security Metrics Software Security-in-a-Box< Software Security
< Software Security
Support
< overview
< Silicon Design
< Silicon Design
< Silicon Design
< Silicon Design
< main menu
< Community
< Community
< Community
< Community
Interoperability
ARC Access HAPS Connect HSPICE Integrator In-Sync System-Level Catalyst TAP-in VC Apps Access< Community
< Community
< Community
< overview
Community
+ Community + SNUG + Partners + Interoperability + Academic Programs + Company Blogs + BSIMM< About Us
< About Us
< About Us
< About Us
< About Us
Software Integrity
What is the state of fuzz testing in 2017?
August 9, 2017
Today’s electronic systems are more intelligent, more connected, and more at risk than ever before. In fact, a single vulnerability can lead to widespread system-of-systems compromises. Organizations participating in security-critical industries like Aerospace and Defense are especially at risk. About this webinar Cristopher Rommel from VDC and Joe Jarzombek from Synopsys will discuss the results […]
Last week, authorities in multiple countries served warrants to take down a Dark Web site generating a reported $600-$800 thousand a day in sales of illegal drugs and other products. The clue that led authorities to the real-world admin behind the site was a personal email address used in the site’s early days. It provided […]
Seems we all have one: that distant aunt. You know the one I’m talking about. Always dressed to the nines. Always perfectly coiffured. Every detail just so. And that tiny Jack Russell that did tricks on command, never yapped (unless told to “speak”), and was always at her side, springing up to her lap when she pulled out […]
A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other IoT devices) at risk. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw they’re calling “Devil’s Ivy.” Officially known as CVE-2017-9765, the vulnerability is a stack buffer overflow that, if successfully […]
Originally posted on SecurityWeek. 1. Shift Left. 2. Test earlier in the development cycle. 3. Catch flaws in design before they become vulnerabilities. These are all maxims you hear frequently in the discussion surrounding software security. If this is not your first visit to one of my columns it is certainly not the first time […]
There is a sad reality in the software world that developer education and training not only neglect software security, but often teach developers the wrong activities to secure it. This ranges from the ‘get it to work and move on’ habit to insecure code samples in the tutorials and forums we all use when learning new […]
Black Hat USA 2017 takes place from July 22-27 at Mandalay Bay in sunny Las Vegas! What’s Synopsys up to at Black Hat USA 2017? During the event, be sure to stop by booth #1132 to pick up a t-shirt. Who doesn’t love a free t-shirt, right?! If someone from the Synopsys team spots you […]
Developing software is an art. Developing safe and secure software is not only an art, but requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to add on to a product as quality and security […]
Bryan Sullivan, a Security Program Manager at Microsoft, called threat modeling a “cornerstone of the SDL” during a Black Hat Conference presentation. He calls it a ‘cornerstone’ because a properly executed threat model: Finds architectural and design flaws that are difficult or impossible to detect through other methods. Identifies the most ‘at-risk’ components. Helps stakeholders […]
No matter what you call it, SecDevOps, DevSecOps, or DevOpsSec, you have to build security into your continuous integration, continuous delivery, and continuous deployment pipeline. This checklist will guide you through the DevSecOps journey—as we’ll call it within this checklist—to assure that you’re integrating security into your pipeline. Here, we’re going to look at each of […]
Categories
- Agile Methodology (18)
- Application Security (182)
- Automotive Security (41)
- CI/CD (2)
- Cloud Security (15)
- Code Review (21)
- Cryptography (1)
- Data Breach (44)
- DevOps (6)
- Dynamic Analysis (DAST) (12)
- Embedded Software Testing (20)
- Ethical Hacking (6)
- Featured (3)
- Financial Services Security (16)
- Fuzz Testing (14)
- Government Security (12)
- Healthcare Security (24)
- Industrial Control System Security (8)
- Infographic (8)
- Insurance Provider Security (3)
- Interactive Application Security Testing (IAST) (2)
- Internet of Things (54)
- JavaScript Security (4)
- Maturity Model (BSIMM) (42)
- Medical Device Security (30)
- Mobile Application Security (44)
- Network Security (26)
- Open Source Security (33)
- OWASP (6)
- Penetration Testing (15)
- Red Teaming (12)
- Secure Coding Guidelines (7)
- Security Architecture (9)
- Security Conference or Event (40)
- Security Metrics (11)
- Security Risk Assessment (33)
- Security Standards and Compliance (26)
- Security Training (39)
- Smart Grid Security (2)
- Software Architecture and Design (14)
- Software Composition Analysis (8)
- Software Development Life Cycle (SDLC) (46)
- Software Quality (6)
- Software Security Program Development (37)
- Software Security Testing (204)
- Static Analysis (SAST) (41)
- Threat Intelligence (5)
- Threat Modeling (25)
- Vendor Risk Management (11)
- Vulnerability Assessment (108)
- Web Application Security (51)
Archives