Software Integrity

Archive for the 'Application Security' Category

 

Swift: Close to Greatness in Programming Language Design, Part 2

Ahead of Coverity static analysis support for the Swift programming language, we are examining design decisions in the language from the perspective of defect patterns detectable with static analysis. To kick things off, I recommend reading Part 1 in this series if you have not already. Defect patterns continued: More basics. Now we consider additional […]

Posted in Application Security, Static Analysis (SAST), Vulnerability Assessment

 

How to Benchmark Your Software Security Strategies

Evaluating the progress of your software security journey is essential, but it can be a considerable challenge. Tracking operational metrics doesn’t tell you whether you are doing the right things. Analyst reports are often too general to provide tactical direction. And companies hold their security plans so close to the vest, it makes competitive research […]

Posted in Application Security, Maturity Model (BSIMM), Threat Modeling

 

Forging a SHA-1 MAC Using a Length-Extension Attack in Python

SHA-1 (Secure Hash Algorithm 1) is broken. It has been since 2005. And yet, that hasn’t stopped its continued use. For example, until early 2017 most internet browsers still supported SHA-1. As though to confirm that SHA-1 was really, truly dead, researchers from CWI Amsterdam and Google announced at the end of February 2017 they […]

Posted in Application Security, Vulnerability Assessment, Web Application Security

 

Sophia Goreczky Is the Recipient of the 2017 YWCA Emerging Leader Award

Sophia Goreczky, Senior User Experience Designer within Synopsys’ Software Integrity Group, is the recipient of the 2017 YWCA Emerging Leader Award. She will be honored, along with 4 other award honorees, at an awards dinner on May 11, 2017, at the Fairmont Hotel in San Jose. Since 1984, the YWCA Silicon Valley Tribute to Women Awards […]

Posted in Application Security

 

The Connected Toy Conundrum Is Beginning to Boil

Originally posted on SecurityWeek. The prediction business is a tricky thing. You can be right, but until you are proven right, you’re either early or wrong. Being early feels just like being wrong–up until the moment you are right. When toymaker VTech announced in November 2015 that nearly five million customer records had been leaked […]

Posted in Application Security, Internet of Things

 

Swift: Close to Greatness in Programming Language Design, Part 1

As we are taking our first steps toward a Coverity static analysis solution for the Swift programming language, I am discovering one of the most challenging languages yet for Coverity. This is simply because many of the easy-to-make, easy-to-find mistakes in other programming languages were designed to be difficult or impossible in Swift. However, some mistakes […]

Posted in Application Security, Static Analysis (SAST), Vulnerability Assessment

 

How to Create Clean Images for Corporate Hardware

Planning an IT initiative can present many challenges, one of which being the choice of software in the organization’s base computer images. When starting out small, it may make sense to buy machines off the shelf if expansion is not anticipated in the near future. However, choosing to do so often includes unwanted programs that add […]

Posted in Application Security, Dynamic Analysis (DAST), Security Risk Assessment

 

New Apache Struts 2 Zero-Day Vulnerability: What You Need to Know

It has been more than 48 hours since this attack was made public. At this time, hackers are actively exploiting the critical vulnerability and are able to take complete control of web servers. Several sources have been discussing details for exploiting this vulnerability. Rather than focusing on how to exploit it here, we will ensure that you are […]

Posted in Application Security, Open Source Security, Vulnerability Assessment, Web Application Security

 

#BeBoldForChange on International Women’s Day 2017

Today is International Women’s Day. The UN theme for 2017 is Empowering Women: Empowering Humanity #BeBoldForChange. What better way to celebrate it than by writing a blog post about the women of Synopsys who are achieving great success?! The women of Synopsys had a banner year. In 2016, we spoke at conferences across the world, […]

Posted in Application Security

 

How Secure Is AngularJS?

Synopsys Principal Security Consultant, Ksenia Dmitrieva-Peguero, recently posed the question at the information security conference, Securi-Tay: How secure is AngularJS? With seven years of experience in the AppSec space, and five years of software development experience, Ksenia’s current concentration centers on the analysis of JavaScript frameworks–researching their security implications, vulnerability discovery, and remediation. In her latest […]

Posted in Application Security, Security Conference or Event, Security Training, Vulnerability Assessment