Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. The use of automation in security can help organizations stay one step ahead.

 

SD Times news digest: Altova 2021 focuses on customer requested features, IBM Cloud Pak for Security updated, and .NET 5.0 RC 2

Altova announced Version 2021 of the MissionKit desktop developer tools and server software with new features and improvements. This includes a new XBRL Taxonomy Manager that provides easy, centralized taxonomy installation and management across all XBRL-enabled products, data mapping for SWIFT messages, improvements for editing in JSON Grid View, attaching files to PDF during report … continue reading

SD Times news digest: CData Tableau Connectors, Facebook Hacker Plus bug bounty program, and Visual Studio Code 1.5 released

CData has announced Tableau Connectors, Excel updates and new drivers. With the new Tableau Connectors, users can connect Tableau with real-time data from more than 200 popular SaaS applications, ERPs, CRMs, accounting tools and more. CData’s 2020 Excel Add-In update has enhanced performance and speed for bulk data processing and delivers an improved UI with … continue reading

Android Partner Vulnerability Initiative launched to help manage security issues

The Android Security and Privacy Initiative (APVI) was launched to help developers manage security issues specific to Android OEMs.  “The APVI is designed to drive remediation and provide transparency to users about issues we have discovered at Google that affect device models shipped by Android partners,” the Android team wrote in a blog post. The … continue reading

Report: 73% of developers sacrifice security for speed

A majority of developers feel forced to sacrifice security for the speed that today’s development cycles require. A recent report from WhiteSource found 73% of security teams at organizations are forced to cut corners, and that the AppSec tools they use serve to check the box on DevSecOps improvements and are not effectively used. “There are … continue reading

GitHub launches new code scanning capability

GitHub has announced that its code scanning feature is now available. The new code scanning capability scans code as it is created and provides reviews within pull requests and other GitHub experiences. This automation of security helps ensure that vulnerabilities never make it to production, the company explained. Code scanning integrates with GitHub Actions and … continue reading

SD Times news digest: Ruby 3.0 preview 1 release, Cron Triggers for the Cloudflare Workers, and TensorFlow Recommender

The Ruby 3.0 preview 1 introduces new features and performance improvements such as the ‘rbs’ gem, which allows parsing and processing type definitions written in RBS. Additionally, the preview has a Ractor experimental feature, with which developers can make multiple Ractors and run them in parallel. ‘Thread#scheduler’ is introduced for intercepting blocking operations. This allows … continue reading

Snyk acquires real-time semantic code analysis provider DeepCode

Snyk is looking to bolster its security platform with the acquisition of DeepCode, a provider of real-time semantic code analysis. Through its AI-powered platform, DeepCode is able to assist developers with app quality and security. According to Snyk, the addition of DeepCode will add to its existing open-source security, container security and infrastructure as code … continue reading

SD Times news digest: Windows app development updates, GitLab 13.4, and the Auth0 Marketplace

Microsoft has announced new ways for Windows developers to build applications. The company announced it is working on a unified app platform that will enable developers to leverage new and existing code.  With Project Reunion, the company is working to unify access to Win32 and UWP APIs. “We will provide a common platform for new … continue reading

Putting developers into application security

Making security easy for developers, in their preferred tools, while still generating reports for the CISO is a challenge many organizations face today, when the reality is that late-stage security approaches can’t plug vulnerabilities deep within applications. Yet putting the onus squarely on developers is a gamble, as many aren’t knowledgeable about certain kinds of … continue reading

SD Times news digest: erwin launches new cloud migration and data governance suite, Atlassian Ventures, and Instaclustr for Redis

erwin has announced the launch of a new cloud migration and data governance suite. The new suite, erwin Cloud Catalyst, helps organizations quickly and safely migrate their data from legacy, on-premise databases to the cloud and then govern those data sets throughout their lifecycle. erwin Cloud Catalyst is comprised of erwin Data Modeler (erwin DM), … continue reading

Sonatype and NeuVector partner to centralize container and open source security

Sonatype, the company that scales DevOps through open source governance and software supply chain automation, and NeuVector, the leader in full lifecycle container security, today announced a new integration that provides a comprehensive view of all Kubernetes and Container open source risk in one place. The use of Kubernetes and Containers has skyrocketed in recent years. … continue reading

SD Times news digest: Slash GraphQL, Snyk closes $200 million round of funding, and DataStax introduces Indexing for Apache Cassandra

GraphQL database company Dgraph has announced the release of Slash GraphQL, a fully-managed GraphQL backend service for building GraphQL apps. According to the company, SlashGraphQL features custom logic and access to remote HTTP endpoints, the ability to run graph queries, integration with remote GraphQL servers, and more.  “Dgraph is unique: it’s the only native GraphQL … continue reading
