Examining Apache Struts remote code execution vulnerabilities | Synopsys
Apache published details of CVE-2017-12611, the fourth critical Apache Struts remote code execution vulnerability in 2017, the day Equifax announced the breach.
What the Aporeto Trireme Project Means for the Security Community
Our team at Aporeto, the company behind the Open Source Rookie Aporeto Trireme project, embarked on a journey to redefine application security with the cloud. As we were operationalizing data center ...
Did an Apache Struts vulnerability trigger the Equifax hack? | Synopsys
In recent days, more details of the Equifax hack have come to light. There’s now speculation that attackers exploited an Apache Struts vulnerability.
It’s past time to pay much more attention to API security | Synopsys
Organizations manage 363 APIs, on average. But vulnerable APIs can expose your data to anyone who knows how to ask for it. API security starts with the basics.
Crisis Mode: How to Respond to Application Security Incidents | Synopsys
If security isn't at the top of your priority list, you'll be hacked. Here are a few things you can do to handle application security incidents with grace.
Apple iMessage Vulnerability Patched in iOS 9.3 | Synopsys
The attack, possible on iOS versions 9.2 and below, mimics Apple's own server and targets photos stored in Apple's iCloud.
Open Source Code: New Approach to Application Security Management
Software applications access many of the most important assets organizations manage, such as intellectual property, strategic plans and customer data. Application security management has frequently...
A voracious appetite for open source software worldwide | Synopsys
The results are in from the Open Source 360° Survey, showing a voracious appetite for open source software but a lag in managing and securing it.
Examining Apple Security 55471, aka goto fail | Synopsys
If you haven't heard about the ironically named "goto fail" vulnerability, read on to explore a summary and Apple Security 55471 remediation techniques.
Benefits of Application Security Training: Moving Beyond Compliance | Synopsys
Compliance training is obviously failing software developers. Find out why application security training compliance is just the beginning.
Application security testing tools: A question of when not which | Synopsys
As the threat of cybercrime continues to rise, so does the importance of application security, and selecting the right application security testing tools is key.
12 Questions to Ask your App Testing Partner | Synopsys
Learn what questions to ask your app testing service provider to understand exactly the type of support you will receive.
The alphabet soup of application security testing tools | Synopsys
Every application security testing tool—SAST, IAST, DAST, and RASP—has its distinct advantages, but you’ll get the best results when you use them together.
Do you have the right tools in your application security toolkit?
With so many application security approaches and tools, how do you decide which ones will work best for your environment? Learn how to assemble your application security toolkit.
Brace Yourselves: Application Transport Security Is Coming | Synopsys
Most developers disable ATS completely. While this is currently acceptable to Apple, they’ve announced that at the end of 2016 they will no longer allow it.
3 presentations you don't want to miss at AppSec California 2017
From January 23 to 25, security professionals come together to share their knowledge and experiences about secure development methodologies.
Application Testing & Your Security Journey | Synopsys
Application testing helps measure threats and risks in applications. This is the foundation for prioritizing activities for remediation to be performed.
Apps Run in Containers More Secure Than Not, Analysts Find | Synopsys
Two analyst firms have concluded that running apps in containers is more secure than alternatives.
Application security vs. software security | Synopsys
What is the difference between “application security” and “software security”? We examine the question and explain when to use each discipline.
What you need to know about medical device security | Synopsys
Medical device security is different from web app security, and needs to be approached in a unique way.
AppSec for DevOps, open source vs proprietary, malicious AIs & GDPR | Synopsys
Where is GDPR data hiding, why enterprises must have a software security program, and building application security into the heart of DevOps.
A guide to Gary McGraw's AppSec USA 2014 keynote | Synopsys
How does application security fit into DevOps? | Synopsys
Is security tripping you up? Join us on Oct. 10, 2017 at 1:00pm EST for a live webinar where we explore DevOps security automation and strategy.
Architecture Analysis & Software Design Flaws | Synopsys
Get resources on the importance of architecture analysis and software security design flaws. Finding bugs in code is easier, but flaws remain a challenge.
As FDA Medical Device Comment Period Ends, 2 Healthcare Organizations Call ...
2 healthcare executive organizations are calling on the FDA and the HHS to produce more guidance for medical device manufacturers.