Review of Apache Struts vulnerabilities yields 24 updated advisories

We found that 24 Apache Struts Security Advisories incorrectly list impacted versions and that previously disclosed vulns affect an additional 61 versions. The post Review of Apache Struts vulnerabilities yields 24 updated advisories appeared first on Software Integrity Blog.
DEF CON 26 - Riedesel and Hakimian  - Tineola Taking a Bite Out of Enterprise Blockchain

The Synopsys Cybersecurity Research Center (CyRC): Advancing the state of software security

General
The Synopsys Software Integrity Group is pleased to announce the public launch of CyRC (Cybersecurity Research Center). Our mission is simple—to advance the state of software security through research, innovation, and evangelism. More specifically, we strive to provide resources and information around the identification, severity, exploitation, mitigation, and defense against ...
The intersection between IAST and SCA and why you need both in your security toolkit

Two powerful yet relatively new technologies in application security testing are interactive application security testing (IAST) and software composition analysis (SCA). IAST solutions are designed to help organizations identify and manage security risks associated with vulnerabilities discovered in running web applications using dynamic testing (a.k.a. runtime testing) techniques. SCA, a ...
Electoral trust meets software security

Application Security
It’s fair to say that regardless of where you live, assuming you have democratic elections, you want your vote to count—without any form of external influence or tampering. It’s also fair to say that until the most recent election cycle, for many Americans, election tampering was pretty low on their ...
LifeLock lesson—Third party security is your security

On July 25, on his blog Krebs on Security, Brian Krebs covered a flaw in how LifeLock processed “unsubscribe” information related to its marketing activities. For those unfamiliar with LifeLock, it is a subsidiary of Symantec offering identity monitoring and protection services in the U.S. market. Brian outlined an issue ...
Timehop breach provides GDPR response template

Data breach, GDPR
With the disclosure of 21 million individuals’ account information being accessed in a data breach at Timehop, we now have a blueprint for what public disclosure of a breach might look like under the new GDPR rules. In their disclosure, Timehop stated that on July 4, malicious actors gained access ...