The Apache Software Foundation can take a joke, except about licensing
If you use open source, what’s good for the Apache Software Foundation is usually good for you. What do they say about “joke licenses” and Category X?
Did an Apache Struts vulnerability trigger the Equifax hack? | Synopsys
In recent days, more details of the Equifax hack have come to light. There’s now speculation that attackers exploited an Apache Struts vulnerability.
New Apache Struts 2 zero-day vulnerability: What you need to know | Synopsys
At this time, hackers are actively exploiting the critical Apache Struts 2 zero-day vulnerability and are able to take complete control of web servers. Run a scan using software composition ...
What the Aporeto Trireme Project Means for the Security Community
Our team at Aporeto, the company behind the Open Source Rookie Aporeto Trireme project, embarked on a journey to redefine application security with the cloud. As we were operationalizing data center ...
Examining Apache Struts remote code execution vulnerabilities | Synopsys
Apache published details of CVE-2017-12611, the fourth critical Apache Struts remote code execution vulnerability in 2017, the day Equifax announced the breach.
It’s past time to pay much more attention to API security | Synopsys
Organizations manage 363 APIs, on average. But vulnerable APIs can expose your data to anyone who knows how to ask for it. API security starts with the basics.
App security features and usability | Synopsys
Why do users feel they have to choose between security vs. performance, security vs. usability, or security vs. functionality? You don't have to choose.
A voracious appetite for open source software worldwide | Synopsys
The results are in from the Open Source 360° Survey, showing a voracious appetite for open source software but a lag in managing and securing it.
Apple iMessage Vulnerability Patched in iOS 9.3 | Synopsys
The attack, possible on iOS versions 9.2 and below, mimics Apple's own server and targets photos stored in Apple's iCloud.
How to win the application security arms race | Synopsys
Static application security testing helps you find and fix vulnerabilities earlier in the development life cycle, resulting in more secure software.
Examining Apple Security 55471, aka goto fail | Synopsys
If you haven't heard about the ironically named "goto fail" vulnerability, read on to explore a summary and Apple Security 55471 remediation techniques.
Open Source Code: New Approach to Application Security Management
Software applications access many of the most important assets organizations manage, such as intellectual property, strategic plans and customer data. Application security management has frequently...
Application security incidents: How to respond in a crisis | Synopsys
Application security incidents will happen if security isn’t at the top of your priority list. Here are some tips to handle a hack or crisis with grace.
12 Questions to Ask your App Testing Partner | Synopsys
Learn what questions to ask your app testing service provider to understand exactly the type of support you will receive.
Do you have the right tools in your application security toolkit? | Synopsys
With so many application security tools, how do you choose the best ones for your environment? Learn how to assemble your application security toolkit.
Benefits of Application Security Training: Moving Beyond Compliance | Synopsys
Compliance training is obviously failing software developers. Find out why application security training compliance is just the beginning.
How to create the best application security toolchain | Synopsys
Having the right application security toolchain is the most effective way to build security in, which is critical to securing modern apps against attacks.
Application Testing & Your Security Journey | Synopsys
Application testing helps measure threats and risks in applications. This is the foundation for prioritizing activities for remediation to be performed.
Application security vs. software security | Synopsys
What is the difference between application security and software security? We examine the question and explain when to use each discipline.
Brace Yourselves: Application Transport Security Is Coming | Synopsys
Most developers disable ATS completely. While this is currently acceptable to Apple, they’ve announced that at the end of 2016 they will no longer allow it.
Apps Run in Containers More Secure Than Not, Analysts Find | Synopsys
Two analyst firms have concluded that running apps in containers is more secure than alternatives.
3 presentations you don't want to miss at AppSec California 2017
From January 23 to 25, security professionals come together to share their knowledge and experiences about secure development methodologies.
How does application security fit into DevOps? | Synopsys
Is security tripping you up? Join us on Oct. 10, 2017 at 1:00pm EST for a live webinar where we explore DevOps security automation and strategy.
What AppSec tools are in your DevOps toolshed? | Synopsys
AppSec tools are essential to creating secure applications and preventing data breaches. But how do you integrate them effectively into your DevOps workflow?
What you need to know about medical device security | Synopsys
Medical device security is different from web app security, and needs to be approached in a unique way.