IAST defined, plus the advantages of IAST for business-critical software
As an acronym, IAST is awkward to pronounce or to guess what it stands for. But as a testing tool, IAST is remarkably effective at rooting out potentially catastrophic bugs in web-based ...
How Does Agile Overcome Common Software Security Challenges? | Synopsys
Utilizing an Agile software development life cycle can optimize your practices to overcome common software security challenges. Learn how.
Agile Methodology and Application Security | Synopsys
Agile methodology and application security are often spoken of together as oil and water, but are they really?
Agile development for application security managers | Synopsys
Let's analyze agile development from the standpoint of application security, and look at ways to implement security into the Agile development methodology.
Learn How the Agile Security Manifesto Guides Secure Development | Synopsys
Learn how adding these 4 principles to the Agile Manifesto and your own process can help integrate critical security measures in a natural, efficient way.
Agile Software Development Tricks for the Security Savvy | Synopsys
Waiting for the agile fad to pass? Agile software development is here to stay and is being adopted by organizations of all sizes.
Agile vs. security: Resolving the culture clash | Synopsys
When considering the clash that often results from agile vs. security, it's important to see that there's a difference between being agile and doing agile.
Balancing Agility and Open Source Security for DevOps | Synopsys
Open source insight this week, lots of DevOps news including why automation is critical for securing code, as well as balancing agility with security needs.
AGPL: Out of the Shadows - the Affero GPL 3 | Synopsys
Shortly after the release of GPL3, the FSF released Affero GPL 3, or AGPL. There were two philosophical camps in drafting GPL3: one that GPL3 incorporate new conditions to close the “SAAS loophole”...
Hard questions after an airline software ‘glitch’ leads to a crash | Synopsys
The parts and systems on an airplane don’t have to fail in a big way to have big consequences. A flaw in airline software could be a matter of life or death.
1.4 Billion Android Devices Vulnerable to Hijack Attacks | Synopsys
Roughly 80 percent of all Android devices contain a Linux vulnerability that affects unencrypted communications and allows attackers to hijack data.
An OWASP interaction model | Software Integrity Blog
The OWASP board decided to support a partnership model with private industry. See how this model may work to shape existing OWASP assets.
Are Android OEMs responsible for the gap in mobile security updates? | Synopsys
There may be legitimate reasons why an OEM or carrier may choose not to push out a security update for a particular type of device. Get the full story.
Android Full-Disk Encryption Flaw May Have Been Previously Known to Google | ...
Up to 900 million Android phones vulnerable to Qualcomm flaw | Synopsys
Researchers have disclosed four major security holes affecting the Qualcomm chips in several recent, popular mobile phones.
Black Hat Europe 2017 examines Android's SafetyNet Attestation | Synopsys
Join John Kozyrakis and Collin Mulliner at Black Hat Europe 2017 to take a deep dive into Android's SafetyNet Attestation. Learn more.
Here Are the Top 10 Best Practices for Securing Android Apps | Synopsys
No matter what type of Android app you intend to build, consider these 10 best practices for improving the security posture of your Android mobile apps.
Since a WebView is a browser control in an app, it invites traditional attacks associated with the web. We examine how to protect against these attacks.
AngularJS 1.6: Life Outside the Sandbox | Synopsys
If you haven't already evaluated the impact of this on your Angular code in preparation for the changes, it's high time to do so.
An Escape Room Called the “AngularJS Sandbox” | Synopsys
The AngularJS sandbox should not be considered a security boundary. Here, we'll explore why that's the case and how to protect against vulnerabilities.
AngularJS Security Series Part I: Angular $http Service | Synopsys
Our goal for this AngularJS security series is simple: to help developers better understand Angular and embrace the practice of writing more secure code.
Recognizing Another Type of Threat: Non-targeted Attacks | Synopsys
Non-targeted attacks exploit a weakness in software and in an organization’s defenses: awareness of vulnerable components in their applications.
AngularJS Is Secure by Default, Right? Not So Fast. | Synopsys
While Angular adds much-needed features to the language, it also creates a handful of new problems for developers.
When Your Anti-Malware Program Has A Zero-Day | Synopsys
Software intended to protect your computer shouldn't be vulnerable to exploitation, yet that is what one security researcher is finding.
Answering the most frequently asked questions about GDPR | Synopsys
What’s the definition of “personal data” under GDPR? What are the penalties for noncompliance? How can Synopsys help you along your GDPR compliance journey?