Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.
Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.
Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.
IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.
Azul has announced an update to its Vulnerability Detection solution that promises to reduce false positives in Java vulnerability detection by up to 99% by only flagging vulnerabilities in code paths that are actually used. According to Azul, typical scanners scan JAR files for components by name, rather than what the JVM actually loads. Erik … continue reading
Earlier this month, the Certification Authority(CA)/Browser Forum voted to significantly shorten the lifetime of TLS certificates: from 398 days currently to 47 days by March 15, 2029. The CA/Browser Forum is a collective of certificate issuers, browsers, and other applications that use certificates, and they’ve long been discussing the potential for shorter certificate lifetimes. As … continue reading
Harness has announced a new offering to help developers secure their cloud-native applications and APIs, the first major update to feature Traceable’s technology since the companies merged earlier this year. Traceable Cloud Web Application and API Protection (WAAP) provides web application protection, API security, bot mitigation, and DDoS defense. According to Sudhir Patamsetti, senior. director … continue reading
Snyk has announced a new dynamic application security testing (DAST) solution designed specifically for AI-powered software development. Snyk API & Web allows developers to test the security of all of their APIs and web apps, regardless of if the code was written by a developer or AI. It also provides detailed recommendations on how to … continue reading
Symbiotic Security is releasing a new tool that will enable automatic detection and remediation of vulnerabilities in code. Embedded directly into a developer’s IDE, Symbiotic Security Version 1 utilizes an AI model that was trained on a “proprietary, security-specific, and verified dataset.” In addition to detecting and remediating issues, it also features a built-in chatbot … continue reading
The fate of the CVE Program—a database that catalogs publicly disclosed security vulnerabilities—was unknown over the past 24 hours. Yesterday, it was leaked that the maintainer of the CVE Program, MITRE, sent a letter to CVE board members, saying that funding for the CVE program was set to expire today, April 16. “If a break … continue reading
Orca Security has announced a new integration that will enable it to scan Bitbucket repositories for misconfigurations, exposed secrets, and vulnerabilities. According to Orca Security, code scanning is an important element of any security program, and when developers utilize public code repositories, they typically have to manually embed CLI security tools into each repository and … continue reading
GitHub is announcing updates to its security offerings to help development teams tackle their security risk. Now generally available, security campaigns are a new way to bring security teams and development teams together. Security teams can prioritize the risks that need to be addressed across repositories and add them to a security campaign, which is … continue reading
Sonatype, a company focused on software supply chain security, has announced the results of its quarterly Open Source Malware Index, which provides insights into malicious open source packages. The index found 17,954 malicious open source software packages, including several hijacked npm crypto packages, a malicious npm package disguised as the Truffle for VS Code extension, … continue reading
GitHub announced it is making some changes to GitHub Advanced Security (GHAS), its AI-powered solution for application security that offers remediation, static analysis, secret scanning, and software composition analysis. Beginning April 1, GHAS will be split into two products that will be available as standalone options. GitHub Secret Protection prevents secret leaks by scanning secrets … continue reading
Symbiotic Security has announced updates to its application and IDE extension, which provides secure coding recommendations and fixes vulnerabilities as code is written. “With Symbiotic’s software, security is no longer an afterthought; it is where it should have always been – integrated into the software development lifecycle (SDLC) as a foundational part of the coding … continue reading
For years developers have been told to shift left, meaning that testing happens at the start of the software development process. The idea behind this is that it’s easier and more cost effective to find and fix an issue earlier on in an application’s life cycle. However, Dylan Thomas, senior director of product engineering at … continue reading
