Software Integrity Blog

Archive for the 'Software Security Research' Category

Apache Struts research at scale, Part 3: Exploitation

During our CVE-2018-11776 research, we created our own proofs-of-concept so they’d work in a variety of configurations at scale (115 versions of Struts).

Posted in Software Security Research

CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices

We dig into the inner workings of trustlets, how different components work together to provide a Trusted Execution Environment, and how to attack them.

Posted in Mobile App Security, Software Security Research

CyRC Vulnerability Advisory: CVE-2020-7958 biometric data disclosure vulnerability in OnePlus 7 Pro Android phone

Read the Synopsys Cybersecurity Research Center’s (CyRC) analysis of CVE-2020-7958, a biometric data disclosure vulnerability in the OnePlus 7 Pro Android phone.

Posted in Software Security Research

Apache Struts research at scale, Part 2: Execution environments

During our CVE-2018-11776 research, after building 115 versions of Apache Struts, we had to address the challenges of recreating the execution environments.

Posted in Software Security Research

World’s top hackers meet at the first 5G Cyber Security Hackathon

Our Defensics R&D team put a couple of Synopsys tools to the test in the 5G Cyber Security Hackathon in Oulu, Finland, and placed in both of their competitions.

Posted in Fuzz Testing, Software Composition Analysis (SCA), Software Security Research

Apache Struts research at scale, Part 1: Building 115 versions of Struts

When our research findings from CVE-2018-11776 prompted us to research other vulnerabilities, the first step was building 115 versions of Apache Struts.

Posted in Software Security Research

The Synopsys Cybersecurity Research Center (CyRC): Advancing the state of software security

The Synopsys Software Integrity Group is pleased to announce the public launch of CyRC (Cybersecurity Research Center).

Posted in Software Security Research

CyRC Vulnerability Advisory: CVE-2018-18907 authentication bypass vulnerability in D-Link DIR-850L wireless router

Read the Synopsys Cybersecurity Research Center’s (CyRC) analysis of CVE-2018-18907, an authentication bypass vulnerability in the D-Link DIR-850L wireless router.

Posted in Software Security Research