
Defensics extends fuzzing capabilities for IoT markets
Internet of Things (IoT) devices are becoming ubiquitous, with billions deployed in the world. And threat actors are constantly looking for vulnerabilities in them because, unlike traditional IT devices, once IoT devices with fixed firmware are deployed, it is often impossible to fix problems. That’s why it is critical to thoroughly test the security and …

Eliminate false positives with WhiteHat Dynamic
WhiteHat Dynamic helps organizations eliminate false positives. In the digital age, web apps are the engine that powers business. Organizations rely on web apps to run everything from internal team sites and HR portals to external client portals, business interfaces, and shopping carts. But web apps are also where threat actors can attack your business-critical …

Whose IP is it anyway? Introducing Synopsys AI code analysis API
With generative AI tools like ChatGPT, GitHub Copilot, and Tabnine flooding the software development space, software developers are quickly adopting these technologies to help automate everyday development tasks. And the use of these AI tools is continuing to expand exponentially, as evidenced by a recent Stack Overflow survey that found an overwhelming 70% of its 89,000 respondents …

Challenges of interoperability in fuzz testing
Understanding how to overcome the challenges of interoperability in fuzz testing helps ensure efficient and comprehensive testing results. In fuzz testing, interoperability means that the system under test (SUT) is in the correct state to receive fuzz test data for efficient and comprehensive testing. Defensics® is a generational, model-based fuzzer that recognizes the protocol that users are …

Software quality: Diligence prep for sellers
Due diligence for buyers: Every year, thousands of tech companies go through mergers and acquisitions (M&As), with transaction totals reaching billions of dollars. During an M&A transaction the stakes are at their highest, and acquirers must ensure that they are making a solid investment. As part of the process of making a fully informed decision, …

Top open source licenses and legal risk for developers
Learn about the top open source licenses used by developers in 2022-23, including the 20 most popular open source licenses, and their legal risk categories. Software supply chain management needs license as well as security compliance. If you’re a software developer, you’re probably using open source components and libraries to build software. You know those …

Production-safe DAST: Your secret weapon against threat actors
Software powers modern businesses, but these ever-evolving applications and systems can also include vulnerabilities that threat actors can exploit to disrupt, threaten, and steal critical data. But fear not: Robust security processes can mitigate most of these risks and ensure that new features and updates are properly tested. By incorporating dynamic application security testing (DAST) …

2023 OSSRA: A deep dive into open source trends
Open source is everywhere, as is the need to properly manage it. Get the latest open source trends from the 2023 OSSRA report. It’s that time of year again: Now in its 8th edition, the Synopsys “Open Source Security and Risk Analysis” (OSSRA) report launched earlier this week. This year’s report, produced by the Synopsys Cybersecurity Research Center (CyRC), …

Software risks and technical debt: The role of process in determining good software
Understanding how software is developed and the areas impacted by technical debt can help lawyers and investors assess software risks during an M&A. Insight into how software is developed and what kinds of issues can lurk in a codebase enables businesspeople and lawyers to better understand software risks and how to mitigate them. Disciplined development …

OWASP Top 10: Broken access control
Listed as #1 on the OWASP Top 10 list, broken access control is when an attacker can gain unauthorized access to restricted information or systems. Access control ensures that people can only gain access to things they’re supposed to have access to. When access control is broken, an attacker can obtain unauthorized access to information …