Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work together to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. The use of automation in security can help organizations stay one step ahead.


Orca Security announces new solution for scanning Bitbucket repositories for security issues

Orca Security has announced a new integration that will enable it to scan Bitbucket repositories for misconfigurations, exposed secrets, and vulnerabilities. According to Orca Security, code scanning is an important element of any security program, and when developers utilize public code repositories, they typically have to manually embed CLI security tools into each repository and … continue reading

GitHub introduces security campaigns to help developers reduce security debt

GitHub is announcing updates to its security offerings to help development teams tackle their security risk. Now generally available, security campaigns are a new way to bring security teams and development teams together. Security teams can prioritize the risks that need to be addressed across repositories and add them to a security campaign, which is … continue reading

Sonatype reveals 18,000 malicious open source packages in its Q1 Open Source Malware Index

Sonatype, a company focused on software supply chain security, has announced the results of its quarterly Open Source Malware Index, which provides insights into malicious open source packages. The index found 17,954 malicious open source software packages, including several hijacked npm crypto packages, a malicious npm package disguised as the Truffle for VS Code extension, … continue reading

GitHub unbundling its GitHub Advanced Security offering starting in April

GitHub announced it is making some changes to GitHub Advanced Security (GHAS), its AI-powered solution for application security that offers remediation, static analysis, secret scanning, and software composition analysis. Beginning April 1, GHAS will be split into two products that will be available as standalone options. GitHub Secret Protection prevents secret leaks by scanning secrets … continue reading

Symbiotic Security updates its IDE extension to give developers better insights into insecure code as it is written

Symbiotic Security has announced updates to its application and IDE extension, which provides secure coding recommendations and fixes vulnerabilities as code is written. “With Symbiotic’s software, security is no longer an afterthought; it is where it should have always been – integrated into the software development lifecycle (SDLC) as a foundational part of the coding … continue reading

Podcast: From “shift left” to “shift everywhere”

For years developers have been told to shift left, meaning that testing happens at the start of the software development process. The idea behind this is that it’s easier and more cost effective to find and fix an issue earlier on in an application’s life cycle. However, Dylan Thomas, senior director of product engineering at … continue reading

Integration timelines: How to plan for success without surprises

Integrations are nonnegotiable for SaaS companies. The average business’s SaaS portfolio encompasses 342 apps. Without integrations, these apps become data silos, and we all know the challenges with those. Customers expect seamless connectivity. According to G2, B2B software buyers consider integration capabilities a top factor in their decisions. Another survey found more than half of … continue reading

CISA unveils new recommendations for developing secure software

CISA, the government agency tasked with securing the U.S.’ cyber and physical infrastructure, has released new Information Technology (IT) Sector-Specific Goals (SSGs). According to the organization, the IT SSGs complement Cross-Sector Cybersecurity Performance Goals (CPGs) and offer “additional voluntary practices with high-impact security actions.” Organizations can use them to improve the security of their software … continue reading

Report: AI and security governance remain top priorities for 2025

Companies are planning to invest more heavily in AI skills and security governance, risk, and compliance initiatives this upcoming year, according to new research from O’Reilly. The company’s Technology Trends for 2025 report analyzed data from 2.8 million users on its learning platform. The research shows significant increases in interest in various AI skills, including … continue reading

Techniques to secure open source software

Attackers are increasingly targeting open source projects, seeking to exploit holes in software that millions of organizations rely on as the foundation of their technology stacks. The staggering 280% year-over-year increase in software supply chain attacks in 2023 serves as a stark warning: open source projects and their leadership must elevate security to their highest … continue reading

New report finds signs of slowing supply chain security momentum, plateaued DevOps maturity

The number of security challenges companies are facing continues to grow, but organizations are beginning to display signs of “AppSec exhaustion,” or decreased engagement in security practices. This is according to Snyk’s new State of Open Source report, which found that dependency tracking and code ship frequency have remained largely unchanged since last year. There … continue reading

The top 25 weaknesses in software in 2024

MITRE recently released its yearly list of the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This list differs from lists that contain the most common vulnerabilities, as it is not a list of vulnerabilities, but rather weaknesses in system design that can be exploited to leverage vulnerabilities. “By definition, code injection is an attack, … continue reading
