Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.
Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.
Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.
IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.
GitHub wants to help protect the open-source ecosystem with the announcement of the GitHub Security Lab. The lab is designed to bring together security researchers, maintainers and companies who are dedicated to open-source security. In addition, the company will provide tools, resource bounties ,and hours of security research. “We all share a collective responsibility to … continue reading
Brave launched its new browser designed to offer users a fast browsing experience, while funding the Web through a new attention-based platform of privacy-preserving advertisements and rewards. Brave’s private ads and payment platform (Brave Rewards) is now available for iPhones and iPads in addition to desktops and Android devices. “Either we all accept the $330 … continue reading
There is currently a skills gap in cybersecurity, and companies need to go a long way to fill that gap. According to a new study from (ISC)2, the cybersecurity workforce will need to grow 145% in order to close that gap. The 2019 (ISC)2 Cybersecurity Workforce Study estimates that the cybersecurity workforce is currently made … continue reading
Google open sourced its Cardboard project that lets developers create VR experiences across Android and iOS devices. “We think that an open source model—with additional contributions from us—is the best way for developers to continue to build experiences for Cardboard,” Google wrote in a blog post. “We’ve already seen success with this approach with our … continue reading
Continuous intelligence company Sumo Logic announced that it acquired JASK Labs, a provider of cloud-native autonomous security operations center (ASOC) software. Sumo Logic plans to expand its cloud-native security intelligence solution to supersede legacy SIEM technology. Ninety-three percent of security professionals think traditional SIEM solutions are ineffective for the cloud, according to the company. The … continue reading
Software security company Veracode has revealed that organizations should use DevSecOps as a way to reduce security debt. Similar to technical debt, security debt occurs when flaws age and accumulate without getting fixed. In their 10th annual State of Software Security (SOSS) report, the company revealed that many of the flaws discovered 10 years ago … continue reading
Gartner revealed its top 10 strategic technology trends for the next year at its IT Symposium/Xpo 2019 conference in Orlando. According to the company, a strategic technology trend is one that has the potential to disrupt the industry and break out into broader impact and use. Unlike last year’s trends, this year’s trend does not … continue reading
To understand an enterprise’s current state of software security risk, executives, security practitioners and development teams need information. Benchmarks provide useful information on performance and risk. However, ideas about which benchmarks are most important will differ depending upon the corporate stakeholder to whom you’re speaking. For example, a business decision-maker has to justify the expense … continue reading
National Cybersecurity Awareness Month is observed every October as a way to raise awareness about the importance of cybersecurity, but despite the efforts to provide a safer and more secure Internet — problems still remain. In 1998, a group of computer hackers went in front of the Senate to warn them about cyber security. The … continue reading
Top law enforcement officials are urging Facebook to stop its privacy initiative. In an open letter to Facebook, government officials from the United States, United Kingdom and Australia told Facebook it should not proceed with its plans without “including a means for lawful access to the content of communications to protect our citizens.” It also … continue reading
The rise of DevSecOps has stressed the importance of shifting security left in order to provide better protection. A recently released report, though, found shifting left isn’t enough. In order for security to be viewed as more than just an extra step, it needs to be built into the entire life cycle. Puppet, CircleCI and … continue reading