Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.

SD Times news digest: Postman 7.1, Auth0 secures $103 million, and an update on the Stack Overflow breach

API development environment provider Postman has announced Postman 7.1, which enables developers to create APIs directly within the app. The release features new API, define, develop, test and observe tabs, API elements, extended schema support, and versioning and version tagging. The new versioning feature allows developers to maintain multiple versions of an API simultaneously, Postman … continue reading

Shifting left for better security? It’s just as important to shift right too

There’s been a lot of talk lately in security and development circles about the need to shift left in the software development lifecycle—and rightly so. By bringing security into the picture from the beginning, you can catch weak designs and bugs earlier, when they’re cheaper and easier to fix. So far, so good. But does … continue reading

Open Source Day 2019 focuses on the cloud, security and development

The 12th edition of Open Source Day (OSD) will take place today at the Legia Warsaw Stadium in Poland’s capital city. The event will include presentations, forums and nine technical sessions spanning automation, containerization, cloud computing, virtualization, security, monitoring, CI/CD, software and app development and databases. “Participants at the upcoming event will be able to … continue reading

SD Times news digest: Android Q gets new security features, The Data Literacy Project announces community forum, CentOS releases status update on OS rebuild

Android Q is getting new security features that include encryption, platform hardening and authentication. In the Q release, the company is launching Adiantum, designed to run efficiently without cryptographic acceleration hardware, and to work across everything from smart watches to internet-connected medical devices. Now, all compatible Android devices newly launching with Android Q are required … continue reading

Open-source software use grows but risks remain, study finds

Open source software makes up more than half of enterprise codebases analyzed in 13 out of 17 industries, according to this year’s Open Source Software Risk Assessment study by the Black Duck Audit Services team at code quality analysis software provider Synopsys. But this increase in use also points to increased risk, as patches to … continue reading

SD Times Open-Source Project of the Week: Ghidra

The NSA announced at the 2019 RSA Conference in San Francisco this week that it is making its software reverse engineering tool Ghidra available to the public and open source. According to the agency, the project is aimed at making reverse engineering software more attainable with tools designed, among other things, to model processor activity to … continue reading

Checkmarx adds more management capabilities to address security at scale

Checkmarx has announced several new capabilities at this week’s RSA Conference in San Francisco in the hopes that it will enable security at scale. The latest version of the Checkmarx Software Exposure Platform adds more to the management and orchestration layer of the product. According to the company, the new release will offer a more … continue reading

RSA 2019: Synopsys’ Polaris Software Integrity Platform, Sysdig’s Cloud-Native Intelligence Platform, WhiteHat security partnership program and more

RSA Conference is taking place this week in San Francisco with a number of companies and thought leaders coming together to tackle the latest and greatest cybersecurity threats. “Some say it’s impossible to stay ahead of cybersecurity threats. We disagree. We’ll always be here as your go-to resource for exchanging ideas, learning the latest trends … continue reading

WebAuthn becomes an official recommended web standard

The Internet is one step closer to a passwordless future. The World Wide Web Consortium (W3C), along with the FIDO Alliance, announced that Web Authentication (WebAuthn) specification is now a web standard. WebAuthn is a core component of the FIDO Alliance’s FIDO 2 set of specifications, which aims to provide easier authentication services to mobile … continue reading

Hackers are still sticking to the tried-and-true methods

Despite evolutions in technology, hackers are still using the same old tricks, though sometimes in a more evolved way. The hacker mentality is to want to grab the low-hanging fruit, or go after the easiest target, explained Sivan Rauscher, co-founder and CEO of SAM, a network security company. For attackers trying to find those low-hanging … continue reading

Microsoft to democratize homomorphic encryption with SEAL for .NET

Microsoft is introducing its open-source homomorphic encryption solution to the .NET developer ecosystem. Microsoft SEAL for .NET is a wrapper library designed to enable developers to interact with Microsoft SEAL for .NET apps. Microsoft SEAL, or Simple Encryption Arithmetic Library, was first open-sourced in December. “As we increasingly move our data to the cloud, there … continue reading

SD Times news digest: CogitAI’s self-learning AI platform, ElectricFlow Winter Release, and ShiftLeft’s Series B funding

CogitAI has announced that its Continua software-as-a-service AI platform is now available. According to the company, the Continua platform can turn any “process, system, software bot, or real robot into a self-learning autonomous service to drive actionable business outcomes.” Potential use cases for the SaaS platform include vehicles, video games, building management, Robotic Process Automation … continue reading

1 2 3 36
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!