7 cyber security tips for financial services firms | Synopsys
Here are seven cyber security tips for financial services firms to improve data security, lock down their assets, and protect their customers and clients.
7 software security myths about best practices | Synopsys
Software security best practices are meant to improve security initiatives, not secure single applications. Let’s debunk 7 common software security myths.
A methodology for quantifying risks from web services | Synopsys
How do you quantify the risks of using web services that make calls to various APIs available commercially and in the public domain for “free” usage?
8 must-have features in an IAST solution | Synopsys
Selecting the perfect IAST solution for your organization’s needs can be difficult. Learn about the eight must-have features of any good IAST tool.
AAMI TIR57 is an FDA medical device cybersecurity standard | Synopsys
The FDA has formally recognized AAMI TIR57 "Principles for medical device security - Risk management" as a medical device cybersecurity standard.
Checklist: 7 elements of GDPR software security compliance | Synopsys
Our GDPR compliance checklist explains seven steps you can take to improve your software security initiative and illustrate GDPR software security compliance.
A Quick Guide to the Complex: Ecto.Multi | Synopsys
Abuse cases: How to think like a hacker | Synopsys
Writing abuse cases is an exercise in “thinking like the enemy.” It's a great way to help secure your software and systems and stay ahead of attacks.
3 ways abuse cases can drive security requirements | Synopsys
Learn how to use abuse cases to determine security requirements, strengthen controls, and improve the security of an application's business features.
Learn how to accelerate your agile security strategy | Synopsys
Find the most aerodynamic way to build security into agile development with a variety of tools that effectively meet your firm's challenges.
Agile application security vs. traditional application security | Synopsys
How does agile application security differ from traditional application security, and what does it mean for your agile development practice?
How Does Agile Overcome Common Software Security Challenges? | Synopsys
Utilizing an Agile software development life cycle can optimize your practices to overcome common software security challenges. Learn how.
What’s the difference between agile, CI/CD, and DevOps? | Synopsys
While Agile, CI/CD, and DevOps are different, they support one another. Agile focuses on the development process, CI/CD on practices, and DevOps on culture.
4 advanced license compliance features you probably need | Synopsys
Open source license noncompliance can have severe implications. Here are four advanced license compliance features that help protect your proprietary code.
Agile security: Add security to your agile development process | Synopsys
How do you transition from traditional software security to agile security? Learn how to integrate security into your agile development process.
Agile Software Development Tricks for the Security Savvy | Synopsys
Waiting for the agile fad to pass? Agile software development is here to stay and is being adopted by organizations of all sizes.
Agile vs. security: Resolving the culture clash | Synopsys
When considering the clash that often results from agile vs. security, it's important to see that there's a difference between being agile and doing agile.
AGPL: Out of the shadows—the Affero GPL 3 | Synopsys
Shortly after the release of GPL3, the FSF released Affero GPL 3, or AGPL, in part to close the "SaaS loophole" in GPL. What is AGPL, and who uses it?
IAST defined, plus the advantages of IAST for business-critical software
As an acronym, IAST is awkward to pronounce or to guess what it stands for. But as a testing tool, IAST is remarkably effective at rooting out potentially catastrophic bugs in web-based ...
Are Android OEMs responsible for the gap in mobile security updates? | Synopsys
There may be legitimate reasons why an OEM or carrier may choose not to push out a security update for a particular type of device. Get the full story.
Here Are the Top 10 Best Practices for Securing Android Apps | Synopsys
No matter what type of Android app you intend to build, consider these 10 best practices for improving the security posture of your Android mobile apps.
Hard questions after an airline software ‘glitch’ leads to a crash | Synopsys
The parts and systems on an airplane don’t have to fail in a big way to have big consequences. A flaw in airline software could be a matter of life or death.
AMCA breach affects Quest and LabCorp: Third-party security | Synopsys
The AMCA breach hammers home the need for supply chain security. Here’s how to vet your vendors so you can keep from becoming the next Quest or LabCorp.
Since Android WebViews are browser controls in an app, they invite traditional web attacks. Learn how to protect against Android WebView attacks.
AngularJS Is Secure by Default, Right? Not So Fast. | Synopsys
While Angular adds much-needed features to the language, it also creates a handful of new problems for developers.
An Escape Room Called the “AngularJS Sandbox” | Synopsys
The AngularJS sandbox should not be considered a security boundary. Here, we'll explore why that's the case and how to protect against vulnerabilities.
AngularJS 1.6: Life Outside the Sandbox | Synopsys
If you haven't already evaluated the impact of this on your Angular code in preparation for the changes, it's high time to do so.
AngularJS Security Series Part I: Angular $http Service | Synopsys
Our goal for this AngularJS security series is simple: to help developers better understand Angular and embrace the practice of writing more secure code.
Announcing GraphQL Security Scanning | Synopsys
Announcing Tinfoil Security's Login Recorder | Synopsys
Recognizing Another Type of Threat: Non-targeted Attacks | Synopsys
Non-targeted attacks exploit a weakness in software and in an organization’s defenses: a lack of awareness of the vulnerable components in their applications.
Announcing the Tinfoil Security Heroku Add-on | Synopsys
Answering the most frequently asked questions about GDPR | Synopsys
What’s the definition of “personal data” under GDPR? What are the penalties for noncompliance? How can Synopsys help you along your GDPR compliance journey?
Anthem data breach and advances in healthcare security | Synopsys
The Anthem data breach in 2014–2015 was the largest healthcare data breach ever. But healthcare cyber security has improved since then.
The Apache Software Foundation can take a joke, except about licensing
If you use open source, what’s good for the Apache Software Foundation is usually good for you. What do they say about “joke licenses” and Category X?
Strutshock: Apache Struts 2 Remote Code Execution | Synopsys
Apache barred the Facebook BSD+Patents license | Synopsys
Apache Software Foundation has tagged the Facebook BSD+Patents license as Category X, barring it from inclusion in Apache projects. Should you be worried?
New Apache Struts 2 zero-day vulnerability: What you need to know | Synopsys
At this time, hackers are actively exploiting the critical Apache Struts 2 zero-day vulnerability and are able to take complete control of web servers. Run a scan using software composition ...
Did an Apache Struts vulnerability trigger the Equifax hack? | Synopsys
In recent days, more details of the Equifax hack have come to light. There’s now speculation that attackers exploited an Apache Struts vulnerability.
Apache Struts research, Part 1: Building 115 versions of Struts | Synopsys
When our research findings from CVE-2018-11776 prompted us to research other vulnerabilities, the first step was building 115 versions of Apache Struts.
Examining Apache Struts remote code execution vulnerabilities | Synopsys
Apache published details of CVE-2017-12611, the fourth critical Apache Struts remote code execution vulnerability in 2017, the day Equifax announced the breach.
Apache Struts research, Part 2: Execution environments | Synopsys
During our CVE-2018-11776 research, after building 115 versions of Apache Struts, we had to address the challenges of recreating the execution environments.
Apache Struts Security Advisories updated after review | Synopsys
We found that 24 Apache Struts Security Advisories incorrectly list impacted versions and that previously disclosed vulnerabilities affect an additional 61 versions.
Apache Struts research, Part 3: Exploitation | Synopsys
During our CVE-2018-11776 research, we created our own proofs-of-concept so they’d work in a variety of configurations at scale (115 versions of Struts).
API Security Scanning: How is it done the right way? | Synopsys
3 steps to reduce API / web service risk in M&A due diligence | Synopsys
Learn more about the risk areas related to APIs and web services during due diligence in M&A transactions involving software, and how to reduce each risk.
What is API security? How does it fit in your security program? | Synopsys
Modern systems rely on complex systems of APIs exposed through a variety of networks. What is API security, and how does it fit into your security program?
Software development lessons from Apollo 11 still relevant | Synopsys
What did Apollo 11 teach us about software development? Coding practices have changed since 1969, but the lessons learned from the moon mission still hold.
What the Aporeto Trireme Project Means for the Security Community
Our team at Aporeto, the company behind Open Source Rookie Aporeto Trireme project, embarked on a journey to redefine application security with the cloud. As we were operationalizing data center ...
App security features and usability | Synopsys
Why do users feel they have to choose between security vs. performance, security vs. usability, or security vs. functionality? You don't have to choose.