Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.
Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, whose browser-facing entry points and client-side code gave attackers a path into the organization.
Further, the increased speed of feature delivery in software strains security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the growing use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.
IT and developers must work together to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. Automating security work can help organizations stay one step ahead.
While one might anticipate that the more complex an application is, the more likely it is to have security vulnerabilities, a recent analysis from Black Duck found the opposite to be true. Its 2024 Software Vulnerability Snapshot report analyzed data from 200,000 dynamic application security testing scans of 1,300 applications across 19 different industry sectors. …
Several high-profile software supply chain security incidents over the last few years have put more of a spotlight on the need for visibility into the software supply chain. However, it seems as though those efforts may not be leading to the desired outcomes, as a new survey found that only one out of …
One of Google’s security research initiatives, Project Zero, has successfully detected a zero-day memory safety vulnerability using LLM-assisted detection. “We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software,” the team wrote in a post. Project Zero is …
The Open Source Security Foundation (OpenSSF) is updating its Developing Secure Software (LFD121) course with new interactive learning labs that give developers more hands-on learning opportunities. LFD121 is a free course offered by OpenSSF that takes about 14-18 hours to complete. Any student who passes the final exam gets a certificate that is valid …
Microsoft is making it easier to use passkeys on Windows 11 by introducing a way for third-party passkey providers to integrate with Windows’ passkey system, improving the user experience for creating and using passkeys, and adding the ability to sync passkeys across multiple Windows 11 devices. Passkeys are a safer alternative to passwords where users …
Paid open source maintainers do significantly more security and maintenance work than unpaid maintainers, yet 60% of all maintainers remain unpaid, according to the 2024 State of Open Maintainer report from Tidelift. “The health and security of our global software infrastructure depends on open source maintainers,” Donald Fischer, co-founder and CEO, Tidelift, said in an announcement …
At its annual user conference, swampUp, the DevOps company JFrog announced new solutions and integrations with companies like GitHub and NVIDIA to help developers improve their DevSecOps capabilities and bring LLMs to production quickly and safely. JFrog Runtime is a new security solution that enables developers to discover vulnerabilities in runtime environments. It monitors …
GitHub is rolling out a new feature to help developers not only find vulnerabilities, but fix them quickly. Copilot Autofix in GitHub Advanced Security (GHAS) analyzes vulnerabilities, explains their importance, and offers suggestions on how to remediate them. “For developers who aren’t necessarily security experts, Copilot Autofix is like having the expertise of your security …
Every year, Forrester puts together a list of 10 emerging technologies to watch. This year’s list was released in June, and in the most recent episode of our podcast, What the Dev?, we sat down with Brian Hopkins, VP of Emerging Tech Portfolio at Forrester, to discuss the list. Here is an edited …
In an effort to reduce the number of vulnerabilities in Android apps, Google is introducing the Android Application Security Knowledge Base (AAKB). The AAKB includes a database of common code issues, complete with examples of how to remediate them and explanations of how to implement specific code patterns. Google already scans Android apps for …
The software intelligence company CAST is trying to make it easier for development teams to create and manage Software Bills of Materials (SBOMs) with the launch of the CAST SBOM Manager. This new free tool automates the process of creating SBOMs. Developers give the SBOM Manager access to their code repositories and it will create …
A number of companies have announced the formation of the Coalition for Secure AI (CoSAI), a group dedicated to addressing the security risks of using AI. CoSAI was founded by Amazon, Anthropic, Chainguard, Cisco, Cohere, GenLab, Google, IBM, Intel, Microsoft, NVIDIA, OpenAI, Paypal and Wiz. It will be hosted at the standards body OASIS …