The following updates are now available for mir-swamp.org and SWAMP-in-a-Box. The latest SWAMP-in-a-Box version 1.34.6 files can be obtained from the download server or from GitHub.
Noteworthy changes include:
- We made significant updates to 3rd party sign-up and sign-in have been made. These allow Google sign-in to work after the Google+API was deprecated.
- Python 3 is now the default language version for Python packages
- Improvements for archiving downloaded packages from external URLs
- The SWAMP web API now returns more specific response codes for successful responses (response codes in the 200-299 range). Newer versions of the SWAMP plugins support the expanded response codes. New versions of the plugins can be found on our GitHub organization’s page.
- We have updated assessment platform images and dependencies on those platforms.
- We have discontinued support for Fedora 18, 19, and 20 assessment platforms
- We have updated backend frameworks to include upgrading to Laravel 7.2
- General enhancements and bug fixes
Changes specific to SWAMP-in-a-Box include:
- We have updated assessment platform images and dependencies on those platforms. For SWAMP-in-a-Box installations, the Ubuntu 16.04 new platform will be deployed with an upgrade to v1.34.6. For other new platforms you can download the new images and add them to your SWAMP-in-a-Box instance. Please refer to the SWAMP-in-a-Box Administrator Manual for instructions.
- A new Android Ubuntu 12.04 platform is available for download. This image includes the Android SDK from late 2019. This image is requires significant storage due to the Android SDK. Please refer to the SWAMP-in-a-Box Administrator Manual prior to downloading. The compressed image is approximately 76 GB and the uncompressed image is approximately 150 GB. You can download the Android Ubuntu platform from our download server.
- We have discontinued support for Fedora 18, 19, and 20 assessment platforms. If you have any of these platforms installed as add-ons, they will be removed when you upgrade to v1.34.6
The next few months are going to be busy for the SWAMP team. Check out what we’re going to be up to, and meet up with us if you can!
- SWAMP will be featured in the “Web Security and Automated Assessment Tools – Theory & Practice” tutorial at the NSF Cybersecurity Summit in San Diego, CA from 9am to 1pm on Tuesday, October 15.
- The SWAMP team’s first exhibition at Developer Week Austin is happening on November 6-7 in Austin, TX. Come check us out in the Expo Hall (Booth #307) at the Palmer Events Center.
- Join us in Denver, Colorado for Supercomputing 2019, and attend the tutorial “Secure Coding Practices and Automated Assessment Tools” on Sunday, November 17 from 8:30am to 5:00pm.
- On Monday, December 9, the Internet2 2019 Technology Exchange will feature a tutorial from SWAMP’s Chief Scientist, Bart Miller, and Elisa Heyman. Check out “Securing Coding Practices & Automated Assessment Tools” from 8:30am to 4:30pm.
- The SWAMP team will be exhibiting at Developer Week San Francisco – San Francisco’s largest developer conference! Visit us at the Oakland Convention Center on February 13-14, 2020.
More information about these and other events will be shared on the SWAMP’s home page and social media, so check back often!
Updates were made to the SWAMP today at mir-swamp.org.
- Updated the Ubuntu 16.04 platform, including newer Java build systems natively installed
- Assessments that fail due to network failures will now be re-tried automatically
- Performance improvements
- General enhancements and bug fixes
Please let us know if you have any questions at email@example.com.
Version 10.3 of Parasoft‘s C/C++test and Jtest tools are now supported as tool add-ons in SWAMP-in-a-Box (SiB), providing SWAMP users with secure, local access to Parasoft’s mature static analysis security solution inside their own network. With Parasoft support, SWAMP-in-a-Box now provides expanded access to preconfigured static analysis rulesets, including CWE Top 25, CERT, MISRA, and UL-2900.
“This is an important next step in our partnership with Parasoft to advance the adoption of Continuous Assurance,” says Miron Livny, SWAMP Director and Chief Technology Officer. “Organizations that deploy their customized instances of SWAMP-in-a-Box will benefit from easy and managed access to the evolving capabilities offered by Parasoft’s software testing solutions.”
“We’re very excited to be supporting SWAMP-in-a-Box. Parasoft was the first commercial static analysis tool available in the SWAMP, and it’s great to see the SiB feature give greater access to SWAMP capabilities by allowing users to keep analysis and code on premises,” said Arthur Hicken, Evangelist at Parasoft.
To learn more about Parasoft and SiB, join the upcoming webinar on March 8, 2018 at 1pm Eastern (12pm Central), or contact Parasoft at firstname.lastname@example.org.
Read the full article
The SWAMP, along with several other companies and universities, participated in a recent exploratory working group focused on shaping the future of software security. The goal was to “create a very succinct and concrete plan of real-world actions that are executable today for a more resilient software world.” Four working group sessions, led by industry experts, discussed gaps in assurance tool technologies, labeling software with assurance levels to improve the software supply chain, creating a more orthogonal encyclopedia of software weaknesses than CWEs, and mobility app security threats. Read the full article on Dark Reading for the detailed talking points and takeaways.