We’re proud to announce that Synopsys has been named a leader in The Forrester Wave™: Static Application Security Testing, Q1 2021. Find out why. This week Forrester recognized Synopsys as a leader in The Forrester Wave™: Static Application Security Testing, Q1 2021, based on its evaluation of Coverity®, our static application security testing (SAST) solution. Forrester evaluated the 12 most significant SAST providers against 28 criteria.

The total cost of poor software quality in the U.S. is estimated at $2.08 trillion. Learn what contributes to the cost and how security can help minimize errors. Do it right the first time. That long-standing cliché is based on the premise that it almost always costs more to fix something built poorly than it does to build it correctly.

Misuse of security tools can lead to defect overload for development teams. Knowing when and how to use these tools will yield more effective DevSecOps. It is a long-time mantra of security experts: There is no single, magical software testing tool or technique that will find every defect or flaw that developers should fix when they are building an application or any of the many things powered by software.

DevSecOps offers benefits—but it also has its challenges. Learn why companies are making the shift and why it’s not always easy. DevSecOps is the practice of integrating security into every stage of the DevOps pipeline. It unites development activities, operations support, and security checks, and coordinates the teams involved in the software development life cycle (SDLC). The synergy between the teams is helped by automation.

The rise of open source software is not without risks for today’s applications. Use a software composition analysis tool to mitigate these risks. Gartner, in its “Market Guide for Software Composition Analysis,” details the need to make software composition analysis (SCA) part of your application security testing tool suite. We discussed the what and why in a recent blog post; today let’s discuss the how.

CVE-2020-28052 is an authentication bypass vulnerability discovered in Bouncy Castle’s OpenBSDBcrypt class. It allows attackers to bypass password checks.

The burden of software security often falls solely on security teams, but to be successful, organizations need to make security a team effort. Remember group projects in school? Teachers love them because they have less grading to do; in a class of 25 students, they might only need to look at 5 projects. For team members, team projects can be difficult, usually when individual motivation levels don’t match up.

Defensics SDK makes fuzz testing possible for custom protocols. Learn how to create a custom injector using the Defensics SDK API. Fuzz testing is never a bad idea. If you aren’t testing your implementation with malformed or unexpected inputs, someone else may be able to exploit a weakness simply from running the system. And fuzz testing (or fuzzing) is not only about finding potential security issues—it can also increase the overall robustness of the system.

In part two of this series, learn how to create a data model for the Bitcoin network protocol and use the Defensics SDK to perform fuzzing on bitcoind. In the previous article, you saw how to set up a test bed for bitcoind. We created two containers, fleur and viktor, and set up communication between the two bitcoind instances. In this article, learn how to create a data model for the Bitcoin network protocol, and then use this model in the Defensics® SDK to perform fuzzing on bitcoind.