Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2020

CyRC analysis: Circumventing WPA authentication in wireless routers with Defensics fuzz testing

Three WPA authentication bypass vulnerabilities were found in wireless routers using the Defensics fuzz testing tool. WPA3 will become a mandate for all new wireless devices, which can only be a good thing considering the number of vulnerabilities found in WPA2 implementations. Learn about the basic concepts (and common weaknesses) of WPA authentication, how these vulnerabilities work, and how proactive fuzz testing can identify and address similar issues in WPA implementations.

Application Security Decoded: What It Means For IoT Devices, Security & Privacy | Synopsys

In our new video series, “AppSec Decoded,” Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre (CyRC), sat down with Laurie Carr, blog managing editor at Synopsys, to discuss the future of IoT devices and what it means for security and privacy.

Get effective DevSecOps with version control

“Version control” sounds a bit like something used by people scattered around the country trying to collaborate on a story. But it’s a crucial part of software development, especially in the DevSecOps era, where you need to ensure that the speed of the CI/CD pipeline doesn’t outrun quality and security. That’s because software development isn’t like an assembly line where a product moves from one group of workers to the next in a perfectly coordinated sequence.

Synopsys' Seeker IAST wins Best Cloud and Web Application Security category at CybersecAsia Awards

Synopsys is proud to announce that Seeker® IAST won the CybersecAsia 2020 award for Best Cloud and Web Application Security. This award underscores Seeker’s position as an industry leader in functionality and capability, offering best-in-class detection, tracking, and monitoring of sensitive data leakages for today’s modern and complex web, mobile, and cloud-based applications.

Making SCA part of your AST Strategy

Open source software is now used in nearly every organization, which makes it critical to know your code. Learn how an SCA tool can help you. There’s an ongoing sea change in how developers ensure a more secure software development life cycle (SDLC). “Shift left” is the notion that creating high-quality software begins with planning and continues through the development and testing stages to actual deployment.

DIY Guide to Open Source Vulnerability Management

You've realized you need to do a better job of tracking and managing your open source as well as the vulnerabilities and licenses associated with it. How hard can vulnerability management be? Do you really need special tools? After all, the license and vulnerability information is publicly available. Once you get a list of open source components and do some Google searching, you should be all set, right?

Are you ready for ISO SAE 21434 Cybersecurity of Road Vehicles?

The goal of ISO SAE 21434 is to build upon functional safety standard ISO 26262 and provide a framework similar to it for the entire life cycle of road vehicles. The major components of this new standard include security management, project-dependent cyber security management, continuous cyber security activities, associated risk assessment methods, and cyber security within the concept product development and post development stages of road vehicles.

The BSIMM: Five key steps to a better software security initiative

If you care about software security—and you should, since to be in business today means that no matter what you do or produce, you’re also a software company—you should be interested in the Building Security In Maturity Model (BSIMM). It can serve as a roadmap to better security.

Announcing Polaris support for GitHub Actions

Security and development teams are increasingly adopting DevOps methodologies. However, traditional security tools bolted onto the development process often cause friction, decrease velocity, and require time-consuming manual processes. Manual tools and legacy AppSec approaches limit security teams’ ability to deliver the timely and actionable security feedback needed to drive improvements at the pace of modern development.

Best Practices for Reducing Web Services and API Risks in M&A

Just like most software assets contain open source, modern software applications commonly link to external web services via APIs. But developers using web services might not have a suitable agreement to do so, and they may be inadvertently signing their companies up to terms of service. This white paper covers the types of risk associated with web services and how they can affect an M&A transaction.

Achieve PCI DSS Compliance With Seeker

More than 11.5 billion records with sensitive information were breached between January 2005 and January 2019 (PrivacyRights.org). If your business stores, processes, or transmits cardholder data, it's imperative that you implement standard security procedures and technologies to prevent the theft of this sensitive information. Start by ensuring you're in compliance with the technical and operational requirements set by the Payment Card Industry Data Security Standard (PCI DSS).