Software Security Guide

Securing an application is just as important as building it in the first place. As data becomes more valuable, there are more people who want to steal it and use it for their own personal gain.

Making sure applications are indeed secure has always been a challenge, as hackers try to stay one step ahead of defenders. When organizations ran their applications in their own data centers, firewalls were an effective way of denying hackers access. The explosion of the Internet led to the creation of web applications, with entry points via the browser into client-side code that could endanger the organization.

Further, the increased speed of feature delivery in software stresses security teams trying to prevent hacks and data breaches. Today, with application modularity and edge computing increasing, along with the increased use of open-source software, that challenge has only become more difficult. Hackers now have more surface area to target than ever before. Here are the top threats organizations face as they work to secure their applications, data and systems.

IT and developers must work to ensure that their applications and systems are secure. On the development side, security touches nearly every step of the process, from planning through development to testing. The use of automation in security can help organizations stay one step ahead.

 

SD Times news digest: MobileTogether 7.3, Sila announces $13 million Series A round, and Cloudflare launches Project Pangea

Altova announced the release of MobileTogether 7.3, a rapid app development platform for building enterprise solutions. The latest release lets developers enable in-app purchases in the native iOS, Android, and Windows apps they create using MobileTogether, and embed the MobileTogether Windows client in their own UWP. It also adds support for … continue reading

SD Times news digest: Android giving extension to comply with new Play Payments Policy, Sentry performance monitoring for iOS and Release Health for Python, Sysdig to acquire Apolicy

Android stated that it would extend the September 30th deadline for adhering to the Google Play Payments policy to March 31st, 2022. Starting on July 22nd, developers can appeal for an extension through the Help Center. Android said it will review each request and respond as soon as possible. Additional details are … continue reading

SD Times news digest: Android ML inference stack, IBM to acquire BoxBoat Technologies, Aqua Security acquires tfsec

Android announced its updateable, fully-integrated ML inference stack for developers to get built-in on-device inference essentials, optimal performance on all devices and a consistent API that spans Android versions.  TensorFlow Lite will be available on all devices with Google Play Services and will no longer require developers to include the runtime in their apps.  Also, … continue reading

SD Times news digest: JRebel 2021.3.0 and XRebel 2021.3.0, HPE acquires Ampool, Ruby 3.0.2 released

The JRebel 2021.3.0 release adds support for Vaadin 20.0, SpringBoot 2.5, and Glassfish 6.1. Vaadin 20.0 has support for Gradle as well as Spring Security helpers, and the latest SpringBoot versions allow JRebel users to freely update their applications to the latest technologies available. Also, the XRebel 2021.3.0 release adds support for … continue reading

SD Times news digest: BMC announces new mainframe security updates, Emerson launches Plantweb Optics Data Lake, Melissa named data quality leader

The autonomous digital enterprise solution provider BMC announced several new innovations and integrations within the BMC Automated Mainframe Intelligence and BMC Compuware portfolios to harden mainframe security.  The update provides automated detection and response capabilities, which allow weaknesses and malicious activity to be discovered before a compromise occurs.  With the new integrations, developers now have … continue reading

SD Times Open-Source Project of the Week: Scorecards

The Scorecards project, an automated security tool that produces a “risk score” for open-source projects, just reached version 2 yesterday. The new version adds new security checks, scales up the number of projects being scored, and makes the data easily accessible for analysis. It was created last fall by the Google Open … continue reading

How hackers poison your code

Hackers are always looking for new ways to compromise applications. As languages, tools and architectures evolve, so do application exploits. And the latest target is developers. Traditionally, software supply chain exploits, such as the Struts incident at Equifax, depended on an organization’s failure to patch a known vulnerability. More recently, supply chain attacks have taken … continue reading

GitHub Copilot aims to help developers write better code

GitHub launched a technical preview of GitHub Copilot, a new AI pair programmer that helps developers write better code. The tool draws context from the code that’s being worked on and suggests whole lines or entire functions, offering alternative ways to solve problems, write tests, and explore new APIs without having to search for … continue reading

Report: Remote work created vulnerabilities in systems designed for in-office workforce

As employees transitioned to working from home, new vulnerabilities emerged in systems designed for a centralized, in-office workforce, and cybercriminal activity spiked. This is according to the new 2021 Network Security Report conducted by the cybersecurity and managed security services provider Trustwave, which is based on scans of millions … continue reading

DevOps requires a modern approach to application security

Time to market is a key indicator today of business success, and anything that impedes a business’ ability to move fast needs to be addressed. While there have been a number of efforts to automate and integrate security into the application development process, it continues to be a hindrance to many organizations.  Organizations are still … continue reading

SD Times news digest: Visual Studio 2022 Preview 1, Rust 1.53 released, HackerOne announces GitHub integration

Microsoft announced the first preview release of Visual Studio 2022, which the company aims to use to test and tune the scalability of the new 64-bit platform.  The Visual Studio 2022 previews can be installed side-by-side with earlier versions of Visual Studio, which are available in all three editions (Community, Pro, and Enterprise), and are … continue reading

SD Times news digest: Dynatrace announces Davis Security Advisor, Nylas raises $120 million in Series C funding, W3C makes Web Audio API an official standard

The new Davis Security Advisor automatically contextualizes and prioritizes application vulnerabilities to reduce enterprise risk by empowering DevSecOps teams to make more informed real-time decisions.  Davis automatically monitors all software libraries in preproduction and production and removes false positives. It then aggregates vulnerability data and prioritizes remediation tactics.  “Manual processes and piecemeal solutions that don’t … continue reading
