AppSec Decoded: Exploring BSIMM14 trends and recommendations
Uncover key software security trends and recommendations from the BSIMM14 to help improve your security program.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
January 2024
How to generate a software bill of materials
The complexity of modern applications (think open source, proprietary and commercial code) makes the management of software supply chain security a business-critical effort. Robust software supply chain security requires a thorough understanding of your organization’s software components - a complete visibility into the makeup of your code - best achieved with a Software Bill of Materials (SBOM).
Polaris Software Integrity Platform: Automate Any Scan, Anytime, Anywhere, All at Once | Synopsys
Polaris Software Integrity Platform is the first no compromise cloud-based application security solution that meets the diverse needs of Development, DevOps, and Security teams. Polaris Overview Highlights: Watch this overview to see how Polaris can benefit your organization.
Rapid Bulk SCM onboarding made easy with Polaris | Synopsys
It is a constant challenge for modern app and DevOps team to onboard and scale AppSec test in today's highly complex and distributed software environment. Ability to automate bulk upload and scanning of an organizations' hundreds of repositories is the first step. This video shows how the Polaris integrated application security testing SaaS platform helps: To learn more, visit synopsys.com/polaris.
Mobile app security testing and development at the speed your business demands
Synopsys recently introduced static application security testing (SAST) support for the Dart programming language and the Flutter application framework to expand our coverage for mobile development teams that are tasked with delivering secure apps on multiple platforms. This builds on our support of more than 20 programming languages and 200 frameworks, and complements our existing Kotlin, Swift, and React Native support with another option for those focused on secure mobile app development.
How to Easily Generate An Accurate Software Bill of Materials (SBOM) with Black Duck | Synopsys
Did you know that open source code constitutes up to 95% of the code in your applications? This creates a web of dependencies that can pose security, quality, and compliance risks. Black Duck provides a solution by helping you generate an accurate software bill of materials (SBOM) in minutes, giving you visibility into your software supply chain. Watch the video to streamline your SBOM generation process and take control of your software supply chain.
AppSec Decoded: Reaching DevSecOps maturity | Synopsys
Learn how to overcome today's DevSecOps challenges to achieve strong DevSecOps maturity.
Mergers and acquisitions insurance
Evaluating risk is paramount in any software transaction. In the realm of mergers and acquisitions (M&As), a thorough risk assessment is essential to identify a target company’s potential pitfalls, financial liabilities, and legal obligations. The analysis of such risks is pivotal for informed decision-making, ensuring that acquirers are aware of the risks they may inherit. For insurers, risk evaluation is fundamental to establishing coverage limitations and pricing uninsurable risks appropriately.
Understanding Continuous DAST in Production with WhiteHat Dynamic
This video provides an overview of WhiteHat Dynamic's approach to continuous production DAST testing, and its integration with other Synopsys tools for comprehensive security across all development stages. Join us as we walk through the dashboard's executive and peer benchmarking views, examine common vulnerabilities, and delve into the process of identifying and validating issues using a blend of automated and manual testing techniques.
CyRC Vulnerability Advisory: CVE-2023-51448 Blind SQL Injection in SNMP Notification Receivers
The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-51448, a blind SQL injection (SQLi) vulnerability in Cacti. Cacti is a performance and fault management framework written in PHP. It uses a variety of data collection methods to populate an RRDTool-based time series database (TSDB) with performance data, and offers a web user interface to view this performance data in graphs. Cacti is easily extensible for custom needs via its plugin system.
DevSecOps practices to maintain developer velocity
By introducing a culture of security into DevOps environments, DevSecOps is designed to address security risks early and consistently. According to the SANS 2023 DevSecOps survey, DevSecOps is a business-critical practice and risk management concern in all organizations focused on software development.