Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.

 

Checkmarx API Security released to shift API security left

Checkmarx API Security was launched to empower the partnership between the developer and AppSec teams of an organization and is delivered as part of the Checkmarx One application security platform.  Because APIs are used to access data and to call application functionality, they are easily exposed but difficult to defend which creates a large and … continue reading

New CI/CD configuration policies added to Checkov

Checkov, the open-source tool for finding infrastructure misconfigurations, has been updated with new CI/CD configuration policies. These policies can be applied across popular CI/CD frameworks like GitHub Actions, GitLab Runners, BitBucket Pipelines, CircleCI, and Argo.  Checkov has a developer-first approach to supply chain security, so it embeds these CI/CD policies directly into existing DevOps workflows … continue reading

Harness releases Security Testing Orchestration

Harness Security Testing Orchestration (STO) was launched today to help businesses deliver value quicker by increasing velocity and security in deployments. The tool automates security scanning and governance in the software delivery process. Although DevSecOps gets rid of many late-stage security concerns, it also forces developers to balance quality and speed at which to deliver … continue reading

Opsera introduces GitCustodian to protect source code repositories

The team at Opsera, the Continuous Orchestration platform for DevOps, today announced the release of Opsera GitCustodian. This new solution is intended to alert security and DevOps teams of vulnerable data found in source code repositories so that they can prevent vulnerabilities from making it to production. GitCustodian also works to automate the remediation process … continue reading

Asking developers to do security is a risk in itself without training

As the pace and complexity of software development increases, organizations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense, because defects, including security defects, can often be addressed faster and … continue reading

Combining Static Application Security Testing (SAST) and Software Composition Analysis (SCA) Tools

When creating, testing, and deploying software, many development companies now use proprietary software and open source software (OSS).    Proprietary software, also known as closed-source or non-free software, includes applications for which the publisher or another person reserves licensing rights to modify, use, or share modifications. Examples include Adobe Flash Player, Adobe Photoshop, macOS, Microsoft … continue reading

W3C announced Decentralized Identifiers (DIDs) v1.0 as official web standard

The World Wide Web Consortium (W3C) announced that Decentralized Identifiers (DIDs) v1.0 is now an official web standard.  The new type of verifiable identifier doesn’t require a centralized registry and it will enable individuals and organizations to take better control of their online information while providing greater security and privacy, according to W3C.  Users will … continue reading

Stytch launches modernized Passwords

In an attempt to meet companies where they are in their transition to passwordless, Stytch introduced a new password-based authentication solution “rebooted for the modern era.” The idea behind the solution is to create a way for companies to ease into passwordless by not quitting passwords cold turkey since a full 85% of IT and … continue reading

Rafay Systems launches new open-source Kubernetes project

Rafay Systems launched a new open-source software project named Paralus to help keep users safe and applications secure on any Kubernetes environment for free. Paralus offers identity and access management throughout an organization by providing a single login zero-trust K8s solution to grant authorized users seamless and secure access to all clusters with a native … continue reading

How obfuscation can help with data breach mitigation

Data breaches are nothing new, but they have pretty consistently increased year-over-year. Despite the massive amounts of money companies invest into security to prevent breaches, they still commonly occur. According to a report from the Identity Theft Resource Center (ITRC), 2021 saw an all-time high of data breaches, 23% more than the previous all-time high.  … continue reading

If you don’t stop to secure DevOps as part of your VSM, you could miss it

Developers now encounter all kinds of tools and integrations coming at them from everywhere, for all parts of the software delivery process and an ever-increasing threat landscape.  Trying to handle security with DevOps these days can sometimes leave us thinking like Ferris Bueller: “How could I be expected to handle school on a day like … continue reading

How Capital One is strengthening the software supply chain

As we see an increase in use of open source software, a well-managed supply chain and secure software delivery pipelines are critical for business success, according to Nureen D’Souza, leader of Capital One’s Open-Source Program Office and speaker at cdCon 2022. “It’s important to implement a company-wide culture with security ingrained that allows developers to … continue reading

1 2 3 62
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!