Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2022

Avoid anaphylactic shock by auditing dependencies in software due diligence

Say you are allergic to peanuts. While out to dinner, you order a plate of spaghetti with meatballs. The server lets you know that there are no peanuts in the spaghetti with meatballs. Unfortunately, the server has no knowledge that the onions within the meatballs were fried in peanut oil. The indirect dependency on the peanut oil that was included in the meatballs by way of the fried onions left you vulnerable to an attack.

Experts warn of critical security vulnerability discovered in OpenSSL

Understand what steps your organization needs to take now to prepare for the upcoming patch to address OpenSSL’s critical security vulnerability on November 1. Security experts are giving organizations advance disclosure of a critical vulnerability discovered in OpenSSL version 3.0 and above, leaving many to speculate about the potential impact to their organization.

AppSec Decoded: DevSecOps in a post-pandemic world | Synopsys

In this episode of AppSec Decoded, recorded live at RSA 2022 in San Francisco, cybersecurity experts Natasha Gupta, security solutions manager at Synopsys, and Taylor Armerding, security advocate at Synopsys, discuss pandemic-accelerated improvements in DevSecOps.

Code Sight and Rapid Scan Static - Enable Fast & Accurate SAST Scanning in the IDE | Synopsys

Synopsys Code Sight plug-in lets you perform fast, deep SAST directly within your IDE. With Rapid Static Scan, you can find vulnerabilities in the IDE and confirm security fixes in real-time as you code, avoid late stage fixes, and more.

Real-time OWASP vulnerabilities as you code with Code Sight and Rapid Scan Static

Imagine you are developing an application – no matter if it’s a web, mobile, or desktop app – and your IDE informs you of security vulnerabilities as you code. The release of Code Sight 2022.9.0 for VS Code and IntelliJ makes that a reality. With Synopsys’ industry-leading static application security testing (SAST) engine powering Code Sight’s Rapid Scan Static, there is no configuration or tuning. It’s actual sophisticated taint flow and not just lint.

Code Sight IDE Plugin for Application Security Testing | Synopsys

The Synopsys Code Sight IDE plugin helps developers and software engineers produce secure software without changing their workflows or leaving the IDE. Analyze code as you write it, find code quality and security issues, detect vulnerabilities in open source components and dependencies, and get fix recommendations. Code Sight is available for popular IDEs right from the marketplace.

IDE-based application security for developers in IntelliJ

The Code Sight security plugin, available for IntelliJ, makes IDE-based AppSec testing attainable without breaking established development workflows. It has been decades since application development evolved to include the creation of software for local installation as well as hosted, cloud-based delivery and software as a service (SaaS). This evolution was the first shift in development workflows—and it established a new potential attack vector for software assets in production.