Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

How AI is changing software's role in the SDLC

In the ever-evolving landscape of software development, artificial intelligence (AI) is emerging as a transformative force, reshaping the software development lifecycle. While AI use is still not without risk, it's time to reframe the conversation and explore how AI can enhance and streamline various stages of the SDLC. Let’s take a look at how you can strategically incorporate AI in the SDLC and address lingering concerns.

Test mode enhancements to Defensics fuzz testing

Defensics® is the leading fuzz testing solution for discovering unknown vulnerabilities and ensuring system robustness. The tool has been widely adopted across industrial Internet of Things (IoT) and medical devices, as well as telecom network environments to mitigate risks when deploying embedded software. Defensics offers powerful capabilities out of the box for testers to perform protocol testing and hardening checks.

Container security essentials

As cloud-native applications continue to proliferate, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they offer. In fact, Gartner predicts that 75% of global organizations are running containerized applications in production. The popularity of containers has also attracted hackers looking for new ways to exploit applications.

How to generate a software bill of materials

The complexity of modern applications (think open source, proprietary and commercial code) makes the management of software supply chain security a business-critical effort. Robust software supply chain security requires a thorough understanding of your organization’s software components - a complete visibility into the makeup of your code - best achieved with a Software Bill of Materials (SBOM).

Mobile app security testing and development at the speed your business demands

Synopsys recently introduced static application security testing (SAST) support for the Dart programming language and the Flutter application framework to expand our coverage for mobile development teams that are tasked with delivering secure apps on multiple platforms. This builds on our support of more than 20 programming languages and 200 frameworks, and complements our existing Kotlin, Swift, and React Native support with another option for those focused on secure mobile app development.

Mergers and acquisitions insurance

Evaluating risk is paramount in any software transaction. In the realm of mergers and acquisitions (M&As), a thorough risk assessment is essential to identify a target company’s potential pitfalls, financial liabilities, and legal obligations. The analysis of such risks is pivotal for informed decision-making, ensuring that acquirers are aware of the risks they may inherit.

CyRC Vulnerability Advisory: CVE-2023-51448 Blind SQL Injection in SNMP Notification Receivers

The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-51448, a blind SQL injection (SQLi) vulnerability in Cacti. Cacti is a performance and fault management framework written in PHP. It uses a variety of data collection methods to populate an RRDTool-based time series database (TSDB) with performance data, and offers a web user interface to view this performance data in graphs. Cacti is easily extensible for custom needs via its plugin system.

DevSecOps practices to maintain developer velocity

By introducing a culture of security into DevOps environments, DevSecOps is designed to address security risks early and consistently. According to the SANS 2023 DevSecOps survey, DevSecOps is a business-critical practice and risk management concern in all organizations focused on software development.

Consolidating effort for enhanced application security

Navigating the complexities of modern application security presents a formidable challenge for organizations. The multitude of security tools and the effort to implement and maintain them often creates a tangled web of processes, which can result in inconsistent implementations, resource inefficiencies, and a fractured view of risk. Enterprise organizations can have hundreds of developers spread across multiple business units.