archive-fi.com » FI » N » NOHAU.FI

Total: 286

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Hyödynnä CodeSonaria Security Auditoinissa | Nohau Solutions AB. Lean software development
    Nohausta Career Board of Directors Management team SE FI NO Partners Quality Policy Environmental Policy Nohau values Suppliers Contact Denmark Finland Norway Sweden Resources Uutisarkisto Tapahtumia Videokirjasto Financing Webinars 2016 Start Resources News Archive Hyödynnä CodeSonaria Security Auditoinissa Hyödynnä CodeSonaria Security Auditoinissa 2015 02 27 Performing a Security Audit with CodeSonar Drew DeHaas Research Scientist February 05 2015 Inspired by a recent demonstration to a CodeSonar customer I helped put together a 7 minute video on performing security audits with CodeSonar Yes I know what you re thinking 7 minutes is awfully short for a big topic like auditing software for security issues Or maybe Is this like one of those Teach Yourself C in 15 Minutes books So yes we re assuming you know a bit about software security and that you also care a bit about the security of your software Hopefully you know a bit about software analysis tools as well maybe you ve used valgrind or FindBugs or something more powerful like CodeSonar You know that these tools report possible bugs you know that they are sometimes wrong and you also know that they can find bugs that you wouldn t find otherwise We re also assuming you know a bit about tainted data and your program s attack surface If you are unfamiliar with taint analysis I recommend reading this whitepaper Protecting Against Tainted Data in Embedded Apps with Static Analysis Simply put taint analysis is used to discover the ways that potentially hazardous inputs tainted data can flow through a program to reach sensitive parts of code The whitepaper goes into much more detail describing taint sources and taint sinks and will also help get you more familiar with the concept of a program s attack surface So this video isn t so much

    Original URL path: http://www.nohau.fi/resources/news-archive/news-fi/hyodynna-codesonaria-security-auditoinissa (2016-04-29)
    Open archived version from archive


  • Supporting Operational Realities and Security Risks of the OT Space | Nohau Solutions AB. Lean software development
    is permitted to use a particular function system operators of traditional IPS are left with only one option open or close a port This is an all or nothing solution that is impractical and unusable Control protocols provide access to a range of equipment functionality such as equipment administration process control and process monitoring over a single TCP or UDP port Administrative functions control the configuration and programming of control equipment and have the highest potential for abuse changing control logic applications equipment configuration such as network addresses and system time and system operations such as reboots These functions are used infrequently by specially designated software and users and represent the greatest risk to the system Process control functionality alters the content of device memory and consequently the state of the process Often this occurs between devices where a change in the state of one device has an influence on the state of another device or a human facing interface allows the change of a set point or other control logic parameter Functionality that can change or influence the behavior of the process has increased risk to the system and requires a higher level access privilege than read only commands Process monitoring relies on commands that are read only such that they return the state of a device s memory but do not change the memory s content or configuration of the device These read only commands are the least risky to the continuity and integrity of the process system but can be used by unauthorized users and attackers to gather system intelligence Port based access control is insufficient to differentiate between different protocol functions and parameters and is impossible to implement the fine grained access control to the different classes of functionality provided by control protocols Bypass Exploit Signatures Malicious exploits of code normally have short life cycles which have traditionally prompted vendors of enterprise IT IPS to take the fastest short cuts in developing signatures These signatures are very good at detecting known exploits but insufficient in detecting the source vulnerability that initially led to the exploit There is a clear danger that attackers can easily modify an exploit to bypass the signatures For example many poor IPS signatures will make use of a pattern such as x41x41x41x41 which is a sequence of AAAA that the researcher was using to arbitrarily fill space An intermediate attacker can recognize such patterns and simply replace the A s with B s or another letter number thereby bypassing the exploit s specific protection Without understanding the software flaw that led to the security concern robust protection is impossible What is the meaning behind the actual exploit data And what actually triggered it There are multiple possibilities and without taking time to investigate and understand the details IPS vendors are always in catch up mode and plants open themselves up to avoidable risk Mandating IPS The Department of Homeland Security ICS CERT has long advocated using IPS as a key preventative measure

    Original URL path: http://www.nohau.fi/resources/news-archive/sv-news/supporting-operational-realities-and-security-risks-of-the-ot-space (2016-04-29)
    Open archived version from archive

  • Tips: 6 steg till ett funktionssäkert system | Nohau Solutions AB. Lean software development
    Verify Cyber Security Wurldtech Device Manufacturers Wurldtech Operators Floodgate Security Framework Testaushallinta Rational Quality Silk Central Malliohjattu kehitys Rational Rhapsody for Software CAN kenttäväyläratkaisut PEAK System Ohjelmistoarkkitehtuuri Lattix Protokolla analysaattorit Frontline Bluetooth USB analyzer Document Generation Author XG GEBS Reporting Web Publisher IBM Rational Koulutus Yleiset ehdot Offer Arkisto Uutisarkisto Tapahtumia Videokirjasto Financing Webinars 2016 Support Support General Support IBM Rational Nohausta Career Board of Directors Management team SE FI

    Original URL path: http://www.nohau.fi/resources/news-archive/sv-news/tips-6-steg-till-ett-funktionssakert-system (2016-04-29)
    Open archived version from archive

  • Lauterbach & Wind River to Deliver Support for the Full Portfolio of Wind River Operating Systems | Nohau Solutions AB. Lean software development
    Nohausta Career Board of Directors Management team SE FI NO Partners Quality Policy Environmental Policy Nohau values Suppliers Contact Denmark Finland Norway Sweden Resources Uutisarkisto Tapahtumia Videokirjasto Financing Webinars 2016 Start Resources News Archive Lauterbach Wind River to Deliver Support for the Full Portfolio of Wind River Operating Systems Lauterbach Wind River to Deliver Support for the Full Portfolio of Wind River Operating Systems 2015 02 26 TRACE32 the in circuit debug and trace solutions of Lauterbach will support all new releases of Wind River operating systems including the latest Wind River Linux VxWorks including Virtualization Profile and VxWorks 653 platforms In cooperation with Wind River Lauterbach has begun efforts to build OS Awareness functionality targeting all architectures that Wind River supports e g Intel x86 x64 Power Architecture ARM Cortex MIPS etc The close collaboration of both companies ensures a tight alignment of the tool versions As new OS versions are released an appropriate debug solution will also be available By the end of the year the TRACE32 tool family will also provide support for older versions of Wind River OSes TRACE32 can support Wind River virtualization offerings The debugger separates the special CPU access modes usually called hypervisor

    Original URL path: http://www.nohau.fi/resources/news-archive/sv-news/lauterbach-wind-river-to-deliver-support-for-the-full-portfolio-of-wind-river-operating-systems (2016-04-29)
    Open archived version from archive

  • TRACE32® and Timing-Architects bring together Hardware Trace Based Verification for Multi-core Systems | Nohau Solutions AB. Lean software development
    Reporting Web Publisher IBM Rational Koulutus Yleiset ehdot Offer Arkisto Uutisarkisto Tapahtumia Videokirjasto Financing Webinars 2016 Support Support General Support IBM Rational Nohausta Career Board of Directors Management team SE FI NO Partners Quality Policy Environmental Policy Nohau values Suppliers Contact Denmark Finland Norway Sweden Resources Uutisarkisto Tapahtumia Videokirjasto Financing Webinars 2016 Start Resources News Archive TRACE32 and Timing Architects bring together Hardware Trace Based Verification for Multi core Systems TRACE32 and Timing Architects bring together Hardware Trace Based Verification for Multi core Systems 2015 02 25 Integration of Lauterbach TRACE32 with the Timing Architects TA Tool Suite The integration allows the import of hardware traces of single and multi core applications recorded by TRACE32 into the TA Inspector The TA Tool Suite can then be used to detect errors in the application validate requirements and help the migration from single core to multi core projects by creating a timing model This workflow leads to an overall improvement in quality and safety of embedded multi core applications TRACE32 can record non intrusive operating system aware real time traces of embedded multi core applications without altering the run time behavior of the application TRACE32 extracts the timing behavior of the system

    Original URL path: http://www.nohau.fi/resources/news-archive/sv-news/trace32r-and-timing-architects-bring-together-hardware-trace-based-verification-for-multi-core-systems (2016-04-29)
    Open archived version from archive

  • LieberLieber Software and Lauterbach in cooperation | Nohau Solutions AB. Lean software development
    Publisher IBM Rational Koulutus Yleiset ehdot Offer Arkisto Uutisarkisto Tapahtumia Videokirjasto Financing Webinars 2016 Support Support General Support IBM Rational Nohausta Career Board of Directors Management team SE FI NO Partners Quality Policy Environmental Policy Nohau values Suppliers Contact Denmark Finland Norway Sweden Resources Uutisarkisto Tapahtumia Videokirjasto Financing Webinars 2016 Start Resources News Archive LieberLieber Software and Lauterbach in cooperation LieberLieber Software and Lauterbach in cooperation 2015 02 25 Cooperation with LieberLieber Software Development of a solution for optimizing and debugging embedded software at the model level The new solution combines the Lauterbach TRACE32 In Circuit Debugger product line with the LieberLieber UML Debugger The TRACE32 has already shipped to 100 000 customers and supports all common CPU architectures including ARM Cortex Intel x86 x64 Power Architecture and many others The UML Debugger is part of LieberLieber Embedded Engineer for Enterprise Architect a solution for the model based development of embedded systems The graphical debugger is integrated into the Enterprise Architect UML platform by Sparx Systems used by over 350 000 users worldwide It allows you to set hardware breakpoints directly in the model and then go through the process step by step The time response of the system being

    Original URL path: http://www.nohau.fi/resources/news-archive/sv-news/lieberlieber-software-and-lauterbach-in-cooperation (2016-04-29)
    Open archived version from archive

  • Lauterbach: New Product Overview 2015! | Nohau Solutions AB. Lean software development
    Framework Testaushallinta Rational Quality Silk Central Malliohjattu kehitys Rational Rhapsody for Software CAN kenttäväyläratkaisut PEAK System Ohjelmistoarkkitehtuuri Lattix Protokolla analysaattorit Frontline Bluetooth USB analyzer Document Generation Author XG GEBS Reporting Web Publisher IBM Rational Koulutus Yleiset ehdot Offer Arkisto Uutisarkisto Tapahtumia Videokirjasto Financing Webinars 2016 Support Support General Support IBM Rational Nohausta Career Board of Directors Management team SE FI NO Partners Quality Policy Environmental Policy Nohau values Suppliers Contact

    Original URL path: http://www.nohau.fi/resources/news-archive/sv-news/lauterbach-new-product-overview (2016-04-29)
    Open archived version from archive

  • PRQA: Further enhance of static analysis solutions | Nohau Solutions AB. Lean software development
    Malliohjattu kehitys Rational Rhapsody for Software CAN kenttäväyläratkaisut PEAK System Ohjelmistoarkkitehtuuri Lattix Protokolla analysaattorit Frontline Bluetooth USB analyzer Document Generation Author XG GEBS Reporting Web Publisher IBM Rational Koulutus Yleiset ehdot Offer Arkisto Uutisarkisto Tapahtumia Videokirjasto Financing Webinars 2016 Support Support General Support IBM Rational Nohausta Career Board of Directors Management team SE FI NO Partners Quality Policy Environmental Policy Nohau values Suppliers Contact Denmark Finland Norway Sweden Resources Uutisarkisto Tapahtumia Videokirjasto Financing Webinars 2016 Start Resources News Archive PRQA Further enhance of static analysis solutions PRQA Further enhance of static analysis solutions 2015 02 23 These latest releases further strengthen PRQA s complete code management solution making inspection and compliance with coding standards more effective improving integrations and giving greater visibility to stakeholders within the decision making process The new desktop Framework environment provides a new component based plug in architecture incorporating QA C and QA C components and making it easier to add additional third party components to facilitate integration into the broader software development tool chain This cross platform multi interface format enables the analysis of mixed language C and C projects Users have the option of command line or graphical user interfaces as well as full

    Original URL path: http://www.nohau.fi/resources/news-archive/news-2015/prqa-further-enhance-of-static-analysis-solutions (2016-04-29)
    Open archived version from archive