Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Synopsys

How to detect, prevent, and mitigate buffer overflow attacks

In the late 1980s, a buffer overflow in UNIX’s fingerd program allowed Robert T. Morris to create a worm which infected 10% of the Internet—in two days. This event launched cybersecurity to the forefront of computer science headlines for one of the first times in history. Nearly three decades later in 2014, a buffer overflow vulnerability in the OpenSSL cryptography library was disclosed to the public.

4 approaches to vulnerability remediation

Vulnerability remediation is the process of identifying weaknesses and design flaws in your applications, prioritizing findings based off of the level of risk they pose, and then performing appropriate actions to resolve them. Options for vulnerability remediation include remediating (fixing) an issue, ignoring it (when it is not risky enough to merit the resources needed to fix it), or applying compensating controls to help counteract the risk posed by the vulnerability.

Top 4 software development methodologies

Successful software projects are managed well. To manage a project efficiently, the manager or development team must choose the software development methodology that will work best for the project at hand. All methodologies have different strengths and weaknesses and exist for different reasons. Here’s an overview of the most commonly used software development methodologies and why different methodologies exist.

CyRC Vulnerability Advisory: CVE-2023-7060 Missing Security Control in Zephyr OS IP Packet Handling

The Synopsys Cybersecurity Research Center (CyRC) has identified problems in Zephyr OS related to protecting against internet protocol (IP) address spoofing attacks. Zephyr OS is a popular real-time operating system used in connected, resource-constrained systems like Internet of Things and embedded devices. It is highly customizable and supports multiple architectures, systems-on-a-chip, and boards, making it useful for a wide range of applications.

Introducing fAST Dynamic: Streamlining dynamic application security testing

Today, we're excited to announce the availability of fAST Dynamic, the latest offering on the Polaris Software Integrity Platform®. As web applications become more complex, so too does the task of testing them for security issues at the pace of modern development pipelines. Polaris fAST Dynamic simplifies dynamic application security testing (DAST) for modern web applications, while also making it faster and easier for the teams developing them.

2024 OSSRA report: Open source license compliance remains problematic

Based on the audit data presented in the 2024 “Open Source Security and Risk Analysis” (OSSRA) report, organizations in all verticals should be concerned about the potential risk of litigation or threat to their intellectual property rights due to failure to comply with an open source license. The report’s findings show that over half—53%—of the 2023 audited codebases contained open source with license conflicts.

Introducing fAST Dynamic to the Polaris Software Integrity Platform | Synopsys

Now a part of the Polaris Software Integrity Platform, fAST Dynamic provides next generation dynamic analysis at scale. fAST Dynamic is a DAST solution that provides an automated, self-service dynamic testing solution for effectively analyzing modern technologies that is fast, easy, and accurate.

Six Python security best practices for developers

Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility. Today, Python can boast a wide array of libraries and frameworks, and they are the cornerstone of fast and easy Python programming—the so-called Pythonic way of development.