Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.

A guide to DevSecOps tools This article outlines DevSecOps tools, offering a guide to solve your development security challenges The hidden costs of data breaches The average cost of a data breach is $3.86 million globally. The study found the cost of data breaches on a business’ bottom line has been steadily increasing over the past five years. How your security budget helps hackers win When a single breach can cause untold damage to your business, from millions in losses to reputational damage, operational disruption, and lost trust, you want to align your security budget with the actual threats you face.

SD Times Open-Source Project of the Week: Ghidra

The NSA announced at the 2019 RSA Conference in San Francisco this week that it is making its software reverse engineering tool Ghidra available to the public and open source. According to the agency, the project is aimed at making reverse engineering software more attainable with tools designed, among other things, to model processor activity to … continue reading

Checkmarx adds more management capabilities to address security at scale

Checkmarx has announced several new capabilities at this week’s RSA Conference in San Francisco in the hopes that it will enable security at scale. The latest version of the Checkmarx Software Exposure Platform adds more to the management and orchestration layer of the product. According to the company, the new release will offer a more … continue reading

RSA 2019: Synopsys’ Polaris Software Integrity Platform, Sysdig’s Cloud-Native Intelligence Platform, WhiteHat security partnership program and more

RSA Conference is taking place this week in San Francisco with a number of companies and thought leaders coming together to tackle the latest and greatest cybersecurity threats. “Some say it’s impossible to stay ahead of cybersecurity threats. We disagree. We’ll always be here as your go-to resource for exchanging ideas, learning the latest trends … continue reading

WebAuthn becomes an official recommended web standard

The Internet is one step closer to a passwordless future. The World Wide Web Consortium (W3C), along with the FIDO Alliance, announced that Web Authentication (WebAuthn) specification is now a web standard. WebAuthn is a core component of the FIDO Alliance’s FIDO 2 set of specifications, which aims to provide easier authentication services to mobile … continue reading

Hackers are still sticking to the tried-and-true methods

Despite evolutions in technology, hackers are still using the same old tricks, though sometimes in a more evolved way. The hacker mentality is to want to grab the low-hanging fruit, or go after the easiest target, explained Sivan Rauscher, co-founder and CEO of SAM, a network security company. For attackers trying to find those low-hanging … continue reading

Microsoft to democratize homomorphic encryption with SEAL for .NET

Microsoft is introducing its open-source homomorphic encryption solution to the .NET developer ecosystem. Microsoft SEAL for .NET is a wrapper library designed to enable developers to interact with Microsoft SEAL for .NET apps. Microsoft SEAL, or Simple Encryption Arithmetic Library, was first open-sourced in December. “As we increasingly move our data to the cloud, there … continue reading

SD Times news digest: CogitAI’s self-learning AI platform, ElectricFlow Winter Release, and ShiftLeft’s Series B funding

CogitAI has announced that its Continua software-as-a-service AI platform is now available. According to the company, the Continua platform can turn any “process, system, software bot, or real robot into a self-learning autonomous service to drive actionable business outcomes.” Potential use cases for the SaaS platform include vehicles, video games, building management, Robotic Process Automation … continue reading

SD Times news digest: Syncfusion Essential Studio 2018 Volume 4, WhiteHat Security’s Essentials line, and Pharo 7.0

Syncfusion has released Essential Studio 2018 Volume 4, which includes six new controls for the JavaScript and Xamarin toolkits, such as TreeGrid, PDF Viewer, Chip, Splitter, and QueryBuilder. Other highlights of the release are new features for JS 2’s existing controls, an improved Xamarin UI toolkit, extended support for high DPI to WinForm controls, and … continue reading

Guest View: The modern security hero is a developer

As software becomes more sophisticated, the need for a security culture in organizations becomes more urgent. However, organizations’ security teams rarely have the necessary resources and expertise to support developers. In fact, the BSIMM 2016 survey indicates that for every 245 software engineers, there is 1 security expert. Not only do organizations lack the resources … continue reading

Security continues to be a black cloud for businesses

The year would not be complete without a major security breach, and although there are a number to choose from throughout any given year, Marriott ended 2018 with a doozy. The company revealed at the end of November that there had been unauthorized access to its Starwood reservation database for more than four years. This … continue reading

Veracode: DevSecOps is having a positive impact on security, but the state of security still has a long way to go

Even with a stronger focus on security this year, most software is still riddled with security vulnerabilities. According to Veracode’s State of Software Security (SOSS) report, 87.5 percent of Java applications, 92 percent of C++ applications, and 85.7 percent of .NET application contain at least one vulnerability. In addition, over 13 percent of applications contain … continue reading

SD Times news digest: Android Keystore, Flexera and MachineShop’s technology alliance, and Clarity

Google announced new security updates to its Android Pie Keystore. The Keystore provides cryptographic tools for securing user data. “Keystore moves the cryptographic primitives available in software libraries out of the Android OS and into secure hardware. Keys are protected and used only within the secure hardware to protect application secrets from various forms of … continue reading

1 2 3 36
© 2019 D2 Emerge LLC.
HTML Snippets Powered By : XYZScripts.com

Get access to this and other exclusive articles for FREE!

There's no charge and it only takes a few seconds.

Sign up now!