Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.

A guide to DevSecOps tools This article outlines DevSecOps tools, offering a guide to solve your development security challenges The hidden costs of data breaches The average cost of a data breach is $3.86 million globally. The study found the cost of data breaches on a business’ bottom line has been steadily increasing over the past five years. How your security budget helps hackers win When a single breach can cause untold damage to your business, from millions in losses to reputational damage, operational disruption, and lost trust, you want to align your security budget with the actual threats you face.

SD Times news digest: CogitAI’s self-learning AI platform, ElectricFlow Winter Release, and ShiftLeft’s Series B funding

CogitAI has announced that its Continua software-as-a-service AI platform is now available. According to the company, the Continua platform can turn any “process, system, software bot, or real robot into a self-learning autonomous service to drive actionable business outcomes.” Potential use cases for the SaaS platform include vehicles, video games, building management, Robotic Process Automation … continue reading

SD Times news digest: Syncfusion Essential Studio 2018 Volume 4, WhiteHat Security’s Essentials line, and Pharo 7.0

Syncfusion has released Essential Studio 2018 Volume 4, which includes six new controls for the JavaScript and Xamarin toolkits, such as TreeGrid, PDF Viewer, Chip, Splitter, and QueryBuilder. Other highlights of the release are new features for JS 2’s existing controls, an improved Xamarin UI toolkit, extended support for high DPI to WinForm controls, and … continue reading

Guest View: The modern security hero is a developer

As software becomes more sophisticated, the need for a security culture in organizations becomes more urgent. However, organizations’ security teams rarely have the necessary resources and expertise to support developers. In fact, the BSIMM 2016 survey indicates that for every 245 software engineers, there is 1 security expert. Not only do organizations lack the resources … continue reading

Security continues to be a black cloud for businesses

The year would not be complete without a major security breach, and although there are a number to choose from throughout any given year, Marriott ended 2018 with a doozy. The company revealed at the end of November that there had been unauthorized access to its Starwood reservation database for more than four years. This … continue reading

Veracode: DevSecOps is having a positive impact on security, but the state of security still has a long way to go

Even with a stronger focus on security this year, most software is still riddled with security vulnerabilities. According to Veracode’s State of Software Security (SOSS) report, 87.5 percent of Java applications, 92 percent of C++ applications, and 85.7 percent of .NET application contain at least one vulnerability. In addition, over 13 percent of applications contain … continue reading

SD Times news digest: Android Keystore, Flexera and MachineShop’s technology alliance, and Clarity

Google announced new security updates to its Android Pie Keystore. The Keystore provides cryptographic tools for securing user data. “Keystore moves the cryptographic primitives available in software libraries out of the Android OS and into secure hardware. Keys are protected and used only within the secure hardware to protect application secrets from various forms of … continue reading

SD Times news digest: Google’s security warning, Stack Decisions, and Git 2.20

Google is notifying developers about an ongoing investigation, and applications and SDKs that may be at risk for abuse. The company revealed last week two apps were removed from the Google Play Store because of evidence of attribution abuse. The company also found abuse in three ad network SDKs and have began contacting developers using … continue reading

SD Times news digest: Amazon S3 leaks, Flexera AdminStudio 2018 R3, and Databricks Apache Spark 2.4 support

AWS has added four new controls to S3 to help prevent leaks. Amazon S3 buckets and objects are private by default, but settings can be changed that make them public. “We want to make sure that you use public buckets and objects as needed, while giving you tools to make sure that you don’t make … continue reading

SD Times Blog: How to effectively build a security awareness program for your organization

At the Infosecurity North America conference in New York City this week, a group of security executives from various organizations came together to talk about the key features of successful security awareness programs. All panelists stressed the importance of developing a strategy that is tailored to their individual organization. Matt Nappi, CISO at Stony Brook … continue reading

SD Times news digest: SignalFx Microservices APM, Dart 2.1, and Bugcrowd’s pen testing solution

Cloud monitoring company SignalFx has revealed SignalFx Microservices APM, which is a new application performance monitoring solution designed for DevOps teams. The solution is built on top of the company’s streaming analytics platform, giving it access to power data analytics. “The world happens in real-time and if something goes wrong, finding problems minutes later just … continue reading

Going to school on open-source security

Open-source software forms the backbone of most modern applications. According to the 2018 Black Duck by Synopsys Open Source Security and Risk Analysis Report, 96 percent of the 1,100 commercial applications that the company audited for the survey contained open-source components, with each application containing an average of 257 open-source components. In addition, on average, … continue reading

SD Times open-source project of the week: Infosys DevOps Platform

Infosys has released what it calls a enterprise-class integrated DevOps platform into open source. According to the company’s Chief Operating Officer Pravin Rao, “enterprises pursuing digital transformation require Agile and DevOps at scale to rapidly adopt new technologies, transform legacy systems and respond swiftly to new requirements.” The Infosys DevOps Platform is meant to address … continue reading

1 2 3 35
© 2019 D2 Emerge LLC.
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!