Software Integrity

Archive for January 2017

 

Are You Following the Top 10 Software Security Best Practices?

While it is a common misconception that many firms rely on, it’s never a good security strategy to simply buy the latest security tool and call it a day. Your organization may need to invest in focused employee education and tool deployment before seeing a return on investment. Software security isn’t simply plug and play. […]

Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Testing

Shining a Light Onto Cybersecurity at the 2017 HIMSS Conference

Next month, over 40,000 health IT professionals, clinicians, executives, and vendors will converge from around the globe to attend the 2017 HIMSS Annual Conference and Exhibition. The event will take place from February 19-23 in Orlando, Florida. We’re looking forward to those five days of exceptional education, cutting-edge health IT product discussions, and powerful networking opportunities. […]

Posted in Healthcare Security, Security Conference or Event

AngularJS Is Secure by Default, Right? Not So Fast.

AngularJS is one of those wonderful frameworks that seems to hide so many of JavaScript’s warts. While Angular adds much-needed features to the language, it also creates a handful of new problems for developers. Due to this, I’ve teamed up with Lewis Ardern to pose a simple question with a not-so-simple answer: Google built AngularJS […]

Posted in Application Security, JavaScript Security

Think Like an Attacker During Two-Day Red Team Workshop

Most developers focus their day-to-day thought processes on building software rather than breaking it. Meanwhile, organizations face growing and evolving threats against their digital assets and infrastructure. That’s why it’s critically important for security operations and development teams to think defensively. Thinking of any and every possible attack is what red teaming is all about. A […]

Posted in Red Teaming, Security Training

Why Secure Code Reviews Matter (and Actually Save Time!)

Modern websites and applications are feature-rich. They provide the user with an intuitive flow through business logic and data. Application developers write these features, rely on their operation, and may even re-use them in their code. Due to rapid, feature-driven development and code sharing, when a vulnerability is introduced in code (and goes undetected) it […]

Posted in Code Review, Vulnerability Assessment

3 Presentations You Don’t Want to Miss at AppSec California 2017

The Fourth Annual AppSec California Conference kicks off in one week at the Annenberg Beach House in Santa Monica, California. From January 23-25, security professionals, developers, penetration testers, and QA and testing professionals come together to share their knowledge and experiences about secure systems and secure development methodologies. We’re excited to attend the event as Platinum […]

Posted in Application Security, Maturity Model (BSIMM), Mobile Application Security, Security Conference or Event, Software Security Program Development, Threat Modeling

How Much Do Bugs Cost to Fix During Each Phase of the SDLC?

A well-defined software development life cycle (SDLC) is essential to develop more reliable, bug-free software. At Synopsys, we often make the claim that it’s important to fix bugs early in the SDLC to save time and money. But how much of a cost difference does it really make to fix bugs during various SDLC phases? […]

Posted in Software Development Life Cycle (SDLC), Vulnerability Assessment

Learn How OpenID Connect Works and How to Implement It Securely

We’re excited to announce a new addition to our eLearning library: OpenID Connect Purpose and Security. OpenID Connect has become an industry-leading standard for user identification. If you’ve ever logged into a service using your Google or Twitter credentials then you’ve used OpenID Connect. When implemented properly, OpenID Connect is a reliable and secure solution […]

Posted in Security Training

Make a New Year’s Resolution to Get Serious About Software Security

Originally posted on SecurityWeek. The beginning of any new year is a time for examination and setting new goals and objectives. Many of you understand that addressing the vulnerabilities in your software is something you can no longer ignore, and are ready to get serious about software security. Resolutions are nice, but if you are […]

Posted in Software Security Program Development, Vendor Risk Management

What to Look Forward to at the 2017 Medical Device Security 101 Conference

This year’s Medical Device Security 101 Conference is just days away. We’re looking forward to meeting attendees January 15-17 in sunny Lake Buena Vista, Florida. Identify, prevent, recover. We’d like to thank the University of Michigan’s Archimedes Center for Medical Device Security for hosting the two-day educational workshop. This synergistic environment explores how to identify, […]

Posted in Healthcare Security, Medical Device Security, Security Conference or Event