Finding and fixing vulnerabilities early and teaching developers to avoid security missteps in the first place results in more secure code, and it also prevents costly rework and unnecessary delays.” Coverity integration with new eLearning platform “That means equipping developers with the tools and training they need to take ownership of the security of their code.
“As more organizations adopt rapid and iterative development methodologies, it is increasingly important to shift security left in the development process,” said Andreas Kuehlmann, senior vice president and general manager of Synopsys Software Integrity Group.
The Coverity release also includes security analysis enhancements for detecting more vulnerabilities across a variety of programming languages and frameworks, including the ability to identify code patterns vulnerable to the highly publicized Spectre attacks. The integration provides developers with convenient access-directly from the Coverity interface-to short, context-relevant training modules to help them address security issues Coverity detects in their code. The latest Coverity® release, recognized by Gartner and Forrester as a leading static application security testing (SAST) tool, features seamless integration with Synopsys’ completely rebuilt eLearning platform, an on-demand security training solution for developers. (Nasdaq: SNPS) today announced the availability of several new product features that enable developers to build secure applications faster. For example, verbose server banners-found in 49% of the tests-provide information such as server name, type, and version number, which could allow attackers to perform targeted attacks on specific technology stacks.Singapore, #microwireinfo, J– Synopsys, Inc. Nonetheless, surfacing these vulnerabilities is not an empty exercise, as even lower-risk vulnerabilities can be exploited to facilitate attacks. That is, the issues found are not directly exploitable by attackers to gain access to systems or sensitive data. 53% of the mobile tests uncovered vulnerabilities associated with insecure communications.Ħ4% of the vulnerabilities discovered in the tests are considered minimal-, low-, or medium-risk. These vulnerabilities could allow an attacker to gain access to a mobile device either physically (i.e., accessing a stolen device) or through malware. 30% of the targets had high-risk vulnerabilities, and 6% had critical-risk vulnerabilities.Ĩ0% of the discovered vulnerabilities in the mobile tests were related to insecure data storage. Out of the 3,900 tests conducted, 97% of the targets were found to have some form of vulnerability. We've seen a heavy increase in assessment demand throughout the pandemic." "With insufficient AppSec resources in the market, organizations are leveraging application testing services such as those Synopsys provides in order to flexibly scale their security testing. "Cloud-based deployments, modern technology frameworks, and the rapid pace of delivery is forcing security groups to react more quickly as software is released," said Girish Janardhanudu, vice president, security consulting at Synopsys Software Integrity Group. Industries represented in the tests included software and internet, financial services, business services, manufacturing, media and entertainment, and healthcare.
The data, compiled by tests performed by Synopsys security consultants in our assessment centers for our customers, included penetration testing, dynamic application security testing, and mobile application security analyses, designed to probe running applications as a real-world attacker would.Ĩ3% of the tested targets were web applications or systems, 12% were mobile applications, and the remainder were either source code or network systems/applications.
Synopsys, the silicon to Software partner for companies that develop electronic products and software applications, has published " 2021 Software Vulnerability Snapshot: An Analysis by Synopsys Application Security Testing Services ," a report examining data from 3,900 tests conducted on 2,600 targets (i.e., software or systems) during 2020. Most applications have some form of software vulnerability, according to a new report published by software security company Synopsys.