Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, more people want to steal it and use it for their own gain.

Making sure applications are indeed secure has always been a challenge, as attackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying attackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent breaches. Today, with application modularity and edge computing increasing, along with the growing use of open-source software, that challenge has only become more difficult. Attackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work together to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. The use of automation in security can help organizations stay one step ahead.


Preparing for TLS certificate lifetimes dropping from 398 days to 47 days by 2029

Earlier this month, the Certification Authority (CA)/Browser Forum voted to significantly shorten the lifetime of TLS certificates: from 398 days currently to 47 days by March 15, 2029. The CA/Browser Forum is a collective of certificate issuers, browsers, and other applications that use certificates, and they’ve long been discussing the potential for shorter certificate lifetimes. As …

Harness launches Traceable Cloud WAAP to unify security and observability for cloud-native applications, APIs

Harness has announced a new offering to help developers secure their cloud-native applications and APIs, the first major update to feature Traceable’s technology since the companies merged earlier this year. Traceable Cloud Web Application and API Protection (WAAP) provides web application protection, API security, bot mitigation, and DDoS defense. According to Sudhir Patamsetti, senior director …

Snyk announces new DAST solution for securing APIs and web apps

Snyk has announced a new dynamic application security testing (DAST) solution designed specifically for AI-powered software development. Snyk API & Web allows developers to test the security of all of their APIs and web apps, regardless of whether the code was written by a developer or by AI. It also provides detailed recommendations on how to …

Symbiotic Security launches AI tool for detecting and fixing vulnerabilities in code

Symbiotic Security is releasing a new tool that will enable automatic detection and remediation of vulnerabilities in code. Embedded directly into a developer’s IDE, Symbiotic Security Version 1 utilizes an AI model that was trained on a “proprietary, security-specific, and verified dataset.” In addition to detecting and remediating issues, it also features a built-in chatbot …

CVE Program rescued at the last minute after concerns over losing its government funding

The fate of the CVE Program—a database that catalogs publicly disclosed security vulnerabilities—was unknown over the past 24 hours. Yesterday, it was leaked that the maintainer of the CVE Program, MITRE, sent a letter to CVE board members, saying that funding for the CVE program was set to expire today, April 16. “If a break …

Orca Security announces new solution for scanning Bitbucket repositories for security issues

Orca Security has announced a new integration that will enable it to scan Bitbucket repositories for misconfigurations, exposed secrets, and vulnerabilities. According to Orca Security, code scanning is an important element of any security program, and when developers utilize public code repositories, they typically have to manually embed CLI security tools into each repository and …

GitHub introduces security campaigns to help developers reduce security debt

GitHub is announcing updates to its security offerings to help development teams tackle their security risk. Now generally available, security campaigns are a new way to bring security teams and development teams together. Security teams can prioritize the risks that need to be addressed across repositories and add them to a security campaign, which is …

Sonatype reveals 18,000 malicious open source packages in its Q1 Open Source Malware Index

Sonatype, a company focused on software supply chain security, has announced the results of its quarterly Open Source Malware Index, which provides insights into malicious open source packages. The index found 17,954 malicious open source software packages, including several hijacked npm crypto packages, a malicious npm package disguised as the Truffle for VS Code extension, …

GitHub unbundling its GitHub Advanced Security offering starting in April

GitHub announced it is making some changes to GitHub Advanced Security (GHAS), its AI-powered solution for application security that offers remediation, static analysis, secret scanning, and software composition analysis. Beginning April 1, GHAS will be split into two products that will be available as standalone options. GitHub Secret Protection prevents secret leaks by scanning secrets …

Symbiotic Security updates its IDE extension to give developers better insights into insecure code as it is written

Symbiotic Security has announced updates to its application and IDE extension, which provides secure coding recommendations and fixes vulnerabilities as code is written. “With Symbiotic’s software, security is no longer an afterthought; it is where it should have always been – integrated into the software development lifecycle (SDLC) as a foundational part of the coding …

Podcast: From “shift left” to “shift everywhere”

For years developers have been told to shift left, meaning that testing happens at the start of the software development process. The idea behind this is that it’s easier and more cost effective to find and fix an issue earlier in an application’s life cycle. However, Dylan Thomas, senior director of product engineering at …

Integration timelines: How to plan for success without surprises

Integrations are nonnegotiable for SaaS companies. The average business’s SaaS portfolio encompasses 342 apps. Without integrations, these apps become data silos, and we all know the challenges with those. Customers expect seamless connectivity. According to G2, B2B software buyers consider integration capabilities a top factor in their decisions. Another survey found more than half of …
