Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.
Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.
Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.
IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from the planning stage, development, to testing. The use of automation in security can help organizations stay one step ahead.
The Linux Foundation has announced a new collaboration effort to improve open-source security. The Open Source Security Foundation (OpenSSF) aims to consolidate industry efforts with targeted initiatives and best practices. According to the Linux Foundation, OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all … continue reading
BlackBerry announced new efforts to fight against cybersecurity attacks at this week’s Black Hat USA 2020 conference. The company’s new open-source tool PE Tree is designed to significantly reduce the time and effort required to reverse engineer malware. According to the company, with the use of PE Tree, reverse engineers can view portable executable (PE) … continue reading
The OpenTelemetry .NET SDK has reached beta. Developers can now begin integrating the OpenTelemetry .NET SDK into their applications and libraries to capture and export metrics and traces. The beta release also includes instrumentation libraries for ASP.NET, ASP.NET Core, HTTP client, SQL client, and gRPC client. While functional, beta components have not gone through thorough … continue reading
Security company Veracode has announced it will be offering a Security Labs Community Edition as a free-to-use alternative to its Enterprise Edition. This new edition will allow developers to hack and patch real applications, allowing them to learn new tactics and best practices in a controlled, safe environment. The company had recently partnered with Enterprise … continue reading
Cloudflare has unveiled a new serverless solution to compete with AWS Lambda. The release of Cloudflare Workers Unbound offers a serverless platform for developers to run complicated computing workloads across the Cloudflare network and pay only for what they use. According to the company, the new solution can save users up to 75% for the … continue reading
Apple launched the Security Research Device (SRD) Program this week to help improve security for iOS users and to bring more researchers to the iPhone. It features an iPhone dedicated exclusively to security research, with unique code execution and containment policies. According to Apple, it is not meant for personal use or daily carry, and … continue reading
Software assurance and cybersecurity company GrammaTech announced it will be acquiring code analysis company JuliaSoft. According to GrammaTech, the acquisition will help it expand the reach of the CodeSonar SAST platform to Java and C#. The new language support extends the automated detection of software vulnerabilities to enterprise use cases where safety and security are … continue reading
The recently released 2020 Open Source Security and Risk Analysis (OSSRA) report, produced by the Synopsys Cybersecurity Research Center (CyRC), found that of more than 1,250 codebases analyzed in 2019, not only did virtually 100% have some open-source components, but also that an average of 70% of the code was open source, nearly double the … continue reading
Applitools added AI auto-maintenance and smart assist to its end-to-end platform. AI powered smart assist automatically analyzes large batches of test results, often numbering in the hundreds or even thousands of tests. It then removes any redundancies by grouping similar visual and functional regressions together. “Test maintenance is a painstaking and error-prone task, which is … continue reading
Apache APISIX, the cloud-native API gateway used to handle interface traffic for web, mobile, and IoT applications, just reached Top-Level Project status at the Apache Software Foundation. Apache APISIX is based on Nginx and etcd. “Thanks to the help of our mentors, contributors and the Apache Incubator, Apache APISIX has now graduated as a Top-Level … continue reading
Altova announced the release of MobileTogether 7.0, a low code app development framework that introduced a new debugger for testing and troubleshooting app behavior during development in addition to numerous tools for defining controls, actions and UI refinements. “Developers who are building highly sophisticated apps and solutions need the ability to troubleshoot throughout the development … continue reading
The Six Pillars of DevSecOps: Automation paper published by the Cloud Security Alliance provides a holistic framework for facilitating security automation within DevSecOps as well as best practices. “It’s vital that today’s DevOps teams be agile, able to address user requirements dynamically, release features incrementally, and deliver at a faster pace than their predecessors and … continue reading