Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.

 

Google Safe Browsing now performs real-time checks in privacy-preserving manner

Google has announced a new way to further protect its privacy-minded users who are browsing using Google Safe Browsing, which is a Google Search setting that warns users when they may be entering a potentially dangerous site.  While it has warned users about harmful sites across 5 billion devices since its launch 15 years ago, … continue reading

New Relic adds proof-of-exploit reporting to its IAST tool

New Relic has introduced enhanced features to its Interactive Application Security Testing (IAST) tool, including a novel proof-of-exploit reporting function for more effective application security testing.  This update allows New Relic’s users to pinpoint exploitable vulnerabilities within their applications, allowing them to replicate issues for easier remediation before they release new software versions. This advancement … continue reading

Biden-Harris Administration to require secure software development attestation form for government software

As part of its ongoing efforts to improve cybersecurity, the Biden-Harris Administration has announced that it has approved a secure software development attestation form. The form, which was jointly developed by CISA and the Office of Management and Budget (OMB), will be required to be filled out by any company providing software that the Government … continue reading

WSO2 updates Identity Server with a new API that allows for browser-less authentication

WSO2 is updating its open-source identity and access management (IAM) software, Identity Server. Key highlights of Identity Server 7.0 include a new authentication API, a new visual editor, and one-click access to application templates. The new authentication API allows developers to build authentication flows that happen directly in an application rather than redirecting to a … continue reading

Report: Security suffering due to a “zombie code” apocalypse

A majority of codebases contain outdated components, or “zombie code,” which can result in unpatched vulnerabilities lingering long after they should have been fixed. According to Synopsys’ Open Source Security and Risk Analysis report, which was released today, 91% of codebases contain components that are at least 10 versions out-of-date. Furthermore, 49% of codebases contain … continue reading

White House recommends software be written in memory safe languages to improve cybersecurity

The White House Office of the National Cyber Director (ONCD) is calling on technology leaders to work together to reduce the software attack surface by adopting memory safe programming languages. Memory safety bugs are one of the most prevalent security issues over the last few decades, according to a report published by the office. These … continue reading

OpenSSF shares progress for its Alpha-Omega project in 2023

The Open Source Security Foundation (OpenSSF) released the annual report for its Alpha-Omega project, an initiative that focuses on identifying and remedying vulnerabilities within source code to create a safer digital environment.  According to OpenSSF, the Alpha-Omega project has become a pivotal player in enhancing the security infrastructure of open-source software, reflecting a proactive approach … continue reading

Apple makes changes to iOS, Safari, and App Store in response to EU’s Digital Markets Act

Apple has announced significant updates to iOS, Safari, and the App Store, specifically for the European Union, in response to the Digital Markets Act (DMA).  These updates encompass over 600 new APIs, enhanced app analytics, support for alternative browser engines, and more options for app payment processing and iOS app distribution. These changes aim to … continue reading

O’Reilly finds 3,600% increase in interest in generative AI in last year

It’s no surprise that people have grown more interested in AI over the last year. The technology insights company O’Reilly has just published its annual trends report, in which it revealed just how much more interest people have these days. According to the findings, interest in GPT and generative AI has grown 3,600% year over … continue reading

Quest Software unveils new standalone Toad Data Studio solution to simplify database management and analysis

Quest Software, a provider of systems management, data protection, and security software, has announced the general availability of Toad Data Studio. This all-in-one platform is designed to streamline database management across multi-database platform environments. The release comes at a time when the complexity of database infrastructure is increasing and enterprises are struggling with agility and … continue reading

Report: APIs are the biggest form of internet traffic and biggest attack vector

In a recent surge within the digital sphere, APIs have eclipsed other forms of internet traffic, becoming a pivotal component of our online world. The 2023 API Security and Management Report indicates that APIs now account for more than half (57%) of the dynamic internet traffic processed by Cloudflare in the past year.  Yet, this … continue reading

A guide to security testing tools

The following is a listing of security testing tool providers, along with a brief description of their offerings. FEATURED PROVIDER HCL AppScan helps organizations pinpoint and remediate vulnerabilities throughout the software development lifecycle (SDLC) with a suite of application security testing platforms available as a cloud-based service (SaaS), self-managed, or cloud-native. Powerful static, dynamic, interactive, … continue reading

1 2 3 71
DMCA.com Protection Status