Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2021

AppSec Decoded: New executive order changes dynamic of software security standards

In this episode of AppSec Decoded, we discuss the impact of the new executive order by the Biden administration on organizations working with the government. The past year has led many people and organizations to depend more on technology, completely changing the way they operate. With the increased dependency of technology, it should come as no surprise that the number of breaches and security risks have increased as well.

How to cyber security: Addressing security fatigue

Addressing security fatigue with small changes to your AppSec strategy can help you manage and minimize risks in your applications. How many times a day does something like this happen to you? Is it 10 times a day? 25? 100? I’m a highly technical security professional and I’m not even sure what I should do. What is PC-Doctor? What is SystemIdleCheck.exe? If I click No, will something not work the way that I want it to work? Each time you see such a prompt, what do you do?

AppSec Decoded: New executive order changes dynamic of software security standards | Synopsys

In this episode of AppSec Decoded, Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center (CyRC), discusses how the new executive order from the Biden administration will change the way government entities or the heads of those entities operate to adjust to the surge of security threats.

Build developer trust with faster, accurate AppSec testing from Rapid Scan

Synopsys Rapid Scan helps developers build secure apps with faster, accurate application security testing. The word “rapid” has particular importance when it comes to what developers expect from application security solutions. Anything that slows down development efforts causes friction.

Shift even further left with blazing-fast Rapid Scan SAST

Why fixing software issues as you code matters and how Rapid Scan SAST can help. It’s common knowledge that fixing bugs early in the software development life cycle (SDLC) is much faster and less costly than doing it later. However, did you know that developers prefer finding and fixing bugs as they code rather than getting a list of identified issues even just one day later?

Practical solutions for a secure automotive software development process following ISO/SAE 21434

The final draft international standard (FDIS) of ISO/SAE 21434 “Road vehicles – cybersecurity engineering” was released in May of this year, with the final version expected to be released a few months later.

Synopsys Defensics R&D team places second in 5G Cyber Security Hack 2021 event

The Synopsys Defensics R&D team put the Defensics fuzz testing tool to the test in the 5G Cyber Security Hack event and placed second in the competition. Finnish transport and communications agency Traficom, together with challenge partners Aalto University, Cisco, Ericson, Nokia, and PwC, organized the 5G Cyber Security Hack, which was held June 18 to 20, 2021.

Intelligent Orchestration and Code Dx: Security superheroes

Building security into DevOps has its challenges. Address them with a modern approach to AppSec using Intelligent Orchestration and Code Dx. As a kid, I was fascinated by superheroes like Spider-Man and Superman, and now as an adult I enjoy watching Wonder Woman. There is something about these movies—all the superheroes are unseen and come to the rescue at the right time, and once they have helped, they just disappear without even taking any credit.

Reduce open source software risks in your supply chain

Knowing what’s in your open source software, whether you’re a consumer or producer, can help you manage security risks in your supply chain Modern open source software (OSS) is a movement that started in the eighties as a reaction to commercial software becoming more closed and protected. It allowed academics, researchers, and hobbyists to access source code that they could reuse, modify, and distribute openly.

Getting started with writing checkers using CodeXM

Writing a good checker can take a lot of effort. CodeXM makes writing certain types of checkers much easier. Static application security testing (SAST) is best described as a method of debugging by automatically examining the source code before the application is deployed. It provides an understanding of the code structure, finds quality and security flaws present in the code, and helps ensure adherence to secure coding standards.

AppSec Decoded: The state of mobile application security during the pandemic | Synopsys

In this episode of AppSec Decoded, we spoke with Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center (CyRC), to learn about the state of mobile application security during the pandemic. The information is based on a new Synopsys report, "Peril in a Pandemic: The State of Mobile Application Security."