Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.

 

Apple, Google, and Microsoft commit to expanding their support for FIDO Alliance

Apple, Google, and Microsoft today announced plans to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.  Whereas previous implementations of passwordless verification required users to sign in to each website or app with each device before they can use passwordless functionality, now users will … continue reading

Sysdig releases new vulnerability prioritization feature

Sysdig announced the release of Risk Spotlight, a vulnerability prioritization feature based on runtime intelligence. The feature enables teams to reduce vulnerabilities by 95% and allows developers to focus on shipping applications faster, according to Sysdig.  It also delivers vulnerability details such as CVSS vector from multiple sources, the fix version, and links to publicly … continue reading

How to avoid the top 7 Java security pitfalls

Even before the Log4j vulnerability led to the targeting of nearly one-half of global corporate networks, Java applications have presented abundant opportunities for hackers. After all, there are so many components to protect – server-side logic, client-side logic, data storage, data transportation, APIs and others – that it’s daunting to defend everything. In fact, serious … continue reading

GitHub’s Dependabot alerts now surface if code calls a vulnerability

GitHub announced a new feature for Dependabot alerts that helps developers see how vulnerabilities affect their code. Dependabot alerts use GitHub’s precise code navigation engine to determine if a repository directly calls a vulnerable function.  The new feature marks a shift in how GitHub curates information on vulnerable packages from the Advisory Database to curating … continue reading

Enterprise open source and the security of the software supply chain

In late 2021, a vulnerability was detected in the Java logging package Log4j, which is the most popular framework for logging in Java. It is used in millions of applications. Not only that, but it is used as a dependency in over 7,000 open-source projects, according to research from software security company Sonatype.  Given the … continue reading

Mirage 4.0 available with updates to the compiler

The library operating system MirageOS 4.0 has been released with better integrations and a significant change in how MirageOS compiles projects.  The project constructs unikernels for secure, high-performance, low-energy footprint applications across various hypervisor and embedded platforms. The MirageOS networking code powers Docker Desktop’s VPNKit and is also in use in Citrix Hypervisor, Nitrokey, Robur, … continue reading

SD Times Open-Source Project of the Week: xGitGuard

xGitGuard is a tool built by Comcast to keep inadvertently uploaded authentication secrets out of GitHub repositories that is now available as open-source software.  It can be used to scan GitHub at scale and identify proprietary authentication secrets, specifically passwords, API keys, and tokens. Development teams can use xGitGuard to identify credentials in their own … continue reading

Secure Code Warrior launches GitLab integration

Secure Code Warrior, a global security organization, has joined GitLab’s global partner program. This new partnership means that Secure Code Warrior will make its learning platform available to developers on GitLab’s DevOps platform.  This integration will work to enhance real-time secure coding guidance, which is an important piece of the process of detecting and fixing … continue reading

Prevention in the age of the never-ending attack surface

When we talk about progress, typically, digital advancement is at the forefront of the conversation. We want everything better, faster, more convenient, more powerful, and we want to do it for less money, time, and risk. For the most part, these “impossible” objectives are eventually met; it might take several years and multiple versions (and … continue reading

Security and usability are not mutually exclusive in mobile applications

Organizations that build or maintain mobile applications have a greater responsibility than ever to secure their applications as the number of application downloads continues to grow.  3.8 billion smartphone users accounted for 218 billion app downloads in 2020 alone. Zimperium conducted a survey last year in which 250 enterprises described the security issues they  struggled … continue reading

Google Identity Services update makes it easier to implement authentication

Last year, Google announced Google Identity Services (GIS), which is a set of APIs that consolidated several identity offerings from the company. Included in the GIS development kit are the Sign in with Google button and the authentication prompt One Tap.  Now, Google is adding an authorization feature to GIS to bolster the offerings of … continue reading

Report: 64% of companies were impacted by supply chain attacks mostly due to increased OSS reliance

The software industry’s reliance on open source along with a sharp increase in open source software (OSS) dependencies helped to make supply chains a major security target. 64% of organizations were impacted by a software supply chain attack in the last year according to a recent report.   The report, The 2022 State of the Software … continue reading

1 2 3 61
Ad will close in seconds
Continue to site
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!